arXiv: 1507.0567lvl [math.GR] 20Jul2015 


A LAS VEGAS REWRITING ALGORITHM FOR THE 
SYMMETRIC SQUARE REPRESENTATION OF CLASSICAL 

GROUPS 


BRIAN P. CORR 

Dedicated to the memory of Akos Seress, who provided a great deal of input into this work. 


Abstract. In constructive recognition of a representation of a Classical group 
G, much attention has been paid to the natural representation as well as to 
generic (Black Box) algorithms that treat all representations uniformly. There 
are theoretical and practical improvements to be made by giving special treat¬ 
ment to certain non-natural representations that arise frequently. In this pa¬ 
per we present and analyse a Las Vegas algorithm for rewriting the Symmetric 
Square representation. 


1. Introduction 

A major goal of Computational Group Theory is the solving of the constructive 
recognition problem , which asks for fast (that is, polynomial time where possible) 
algorithms for the following tasks: 

(i) Given a group G < H input into a computer in some arbitrary way, de¬ 
termine the isomorphism type of G (nonconstructive recognition ); and 

(ii) Produce an isomorphism from G into some ‘standard copy’ of this type 
of group, and provide a scheme for, given g in the ‘ambient’ group H, 
deciding if g £ G, and if so, rewriting g in this ‘standard form’ ( constructive 
recognition). 

The most common ways of inputting a group into a computer are as a set of gener¬ 
ators and relations, or as a set of generating permutations or matrices: much effort 
has been spent in dealing with each of these representations separately, as well as 
in dealing with Black Box Groups, a theoretical setting in which no structural in¬ 
formation about the way in which the group is represented is assumed. 

Black Box algorithms provide complete generality, and hence apply in all settings: 
in particular, if the representation of G in the computer does not offer much infor¬ 
mation, then a Black Box algorithm will approach ‘maximal effectiveness’. On the 
other hand, particularly natural representations of a group (for example, the rep¬ 
resentation of the Symmetric Group S n as permutations of n points, or the natural 
representation of the General Linear Group) can be dealt with much more quickly 
and effectively using methods specific to the representation. 


This research forms part of the ARC Discovery Project DP110101153. The author was sup¬ 
ported by an Australian Postgraduate Award, a UWA Top-Up Scholarship, an Australian Mathe¬ 
matical Society Lift-Off Fellowship and by cNPQ and CAPES. The author wishes to thank Cheryl 
Praeger and Akos Seress for their support and input. 
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The ‘Composition Tree’ framework mm provides an elegant method for dealing 
with arbitrary matrix groups: using various methods, beginning with the MEAT-AXE 
procedure of Holt & Rees [7] , the input group G is searched for normal subgroups 
N , and a structure is set up so that N and G/N may be dealt with separately. This 
process, applied recursively, yields a binary rooted tree that gives the procedure its 
name. 

As with many group-theoretic frameworks relying on normal subgroups, the pro¬ 
cess terminates when G is almost simple (at the leaves of the tree). Each almost 
simple group presents its own unique challenges, and each family of almost simple 
groups is dealt with separately. In the matrix group setting, the Classical groups 
have received a great deal of attention, beginning with the Neumann-Praeger non¬ 
constructive SL-recognition algorithm m ■■ the problem has essentially been solved 
in the Black Box cases (which make no attempt to exploit the geometry of the 
situation) and in the natural representation (where the geometry is most rich): see 
1201 for a survey. Attention is now paid to the remaining representations for which 
there is still meaningful geometric information to use. 

In this paper we provide an updated and corrected version of the Magaard-O’Brien- 
Seress algorithm for constructively recognising the Special Linear Group in its ac¬ 
tion on the Symmetric Square module, and apply similar methods to constructively 
recognise all Classical groups (Unitary, Symplectic and Orthogonal) in their actions 
on the unique irreducible EG-module of dimension n, where ( d ^ 1 ) — 2 < n < ( d ^ 1 ) 
(in practice, this procedure will work perfectly well when the module is, in fact, the 
Symmetric Square, though in some cases the Symmetric Square is reducible). We 
wish to acknowledge and thank Cheryl Praeger and Akos Seress for their support, 
expertise and advice during the preparation of this paper. 

Theorem 1.1. Let X C GL(n, q) be a set of matrices generating a classical group 
G = Class {d,q), such that the module W defined by the action of H = ( X) is 
an irreducible section of the Symmetric Square module S 2 (V) of codimension at 
most 2. Let d! be as in Table @ and suppose that G fL {Sp(d, 3), SO e (d, 3)}. Then 
assuming that Conjecture | 7. 1 3\ holds in the Symmetric Square case, and excluding 
some small values of d (see Table\jf), there exists a Las Vegas algorithm which, with 
probability at least 1 — e, sets up a data structure for rewriting H as a projective 
representation in its natural dimension, with complexity 

O (find 2 log 2 q log e ~ 1 + p q (d 9 log d log log d log q + d 8 log d log log d log 3 q log 1 )) , 

where (h is the cost of choosing a random element of H, and p q is the cost of a 
field operation in F g . Once the initialisation procedure is complete, there is a Las 
Vegas algorithm for rewriting a group element (that is, returning a d x d matrix) 
with complexity 

0((£h + Pqd 8 log d log log d log g)) log e~ 1 ) . 

We prove Theorem 11.11 over the course of the paper, by describing explicitly 
the steps of the algorithm. This is a very specialised algorithm which provides a 
major improvement over the runtimes of the existing best algorithms (although the 
existing algorithms remain extremely useful, for they apply in many more cases 
than this one). 
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G 

Minimum d 

Conditions 

SL (d,q) 

3 


SU (d,q) 

3 

d odd 


4 

d even 

Sp (d,q) 

6 

d even 

SO ~(d,q) 

6 

d even 

SO °(d,q) 

7 

d odd 

SO + (d,q) 

8 

d even 


Table 1. Minimum values of d for Initialise 


2. Modules and Representations 

In this section we introduce some notation, in particular the Symmetric Square 
module and its irreducible constituents (note that in many cases, the Symmetric 
Square is itself irreducible). Let V = V(d,q) be a vector space over a field F = ¥ q 
of order q. Then V is called an FG- module if the group G acts on V in a way 
compatible with the vector space structure of V : that is, if (v + w) 9 = v 9 + w 9 
and ( av) 9 = av 9 for all g £ G,v,w £ V,a€ F. An FG-submodule is a subspace 
of V left invariant by the action of G: an irreducible FG-module is a module with 
no proper nontrival submodules. When a group G acts on several FG-modules, 
we use a subscript where necessary to distinguish the actions (for example, gy de¬ 
notes the action of g £ G on an FG-module V). For two FG-nrodules V,W with 
bases {iq,..., Vd 1 }, {uq,..., Wd 2 }, the tensor product V ®W is the FG-module with 
basis {vi <S> Vj | 1 < i < di, 1 < j < cfe}: an element g € G acts in the diagonal 
way (v<S>w) 9 = v 9 <S>w 9 (extending by linearity, this gives an FG-module structure). 

Consider an extension K := F d / of F := F g , and fix a basis {iq,... iq} of V. 
Then viewing K as an F-vector space (and, in turn, an FG-module with G acting 
trivially), the tensor product V ® K is isomorphic to the FT-vector space with basis 
{tq, . . .,Vd}, with the same G-action. We denote this module by Vk, and observe 
that all properties of g £ G carry over in this action: in particular, the characteris¬ 
tic polynomial does not change, although its irreducible factors do, since the notion 
of irreducibility of a polynomial depends upon the field. By considering the action 
of g on Vk, we may access a richer eigenstructure. 

2.1. The Symmetric Square S' 2 (C). The Symmetric Square module S 2 (V) is 
an irreducible constituent of the tensor square V ® V: let G € GL(V), and let 
{i >i | 1 < * < d} be a basis for V. The Symmetric Square Module S 2 (V) is the 
FG-submodule of V <8> V generated by 

{uj ® Vi | 1 < i < d} U {iq ® Vj + Vj ® Vi | 1 < i < j < d}. 

Since (—v) ® (—w) = v <S> w, the element — 1 £ G acts trivially on V <S> V (and 
hence on S 2 (V). In fact, the set {±1} is precisely the kernel of this action. For this 
reason, our rewriting algorithm can only return the action on V modulo this kernel. 
Our primary method for the rewriting algorithm is the analysis of the eigenvalues 
and eigenspaces of a group element. Since the eigenstructure of a group element 
depends on its action on a vector space, an element g will usually have different 
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eigenstructures, depending on whether we consider gv,gv®v,gs 2 (v) or an action 
on another module, and also depending on the underlying field (note that when 
the field changes, the characteristic polynomial will not change: however, its roots 
might!). We now present several relationships between the eigenstructures of an 


element g £ G in its action on different modules. Let F = ¥ q 


let K = W qd ' 


for 


some integer d'. let V = F d , and suppose that g £ GL(d, q) has d (not necessarily 
distinct) eigenvalues {A; | 1 < i < d} in its action on Vk, and there exists a basis 
{vi,... ,Vd} for Vk of (/-eigenvectors (so that for each i, Vig = A ji>j). Then the 
eigenvalues of g in its action on (F 0 f V)k are 

(A,A, | 1 < * < j < d}, 

and for each i,j, both v, 0 Vj and Vj 0 v, are (AiAj ^eigenvectors in (V <S>f V)k- 
Moreover, these are the only eigenvalues of g in {V 0 V)k- 

Lemma 2.1. Let g £ GL(F), and suppose that g has eigenvalues Ai,...,A d in 
its action on V, and that {iq,... ,Vd} is a basis for V such that for all i, Vi is a 
Aj- eigenvector for gv■ Let v,j = u* 0 Vj + Vj 0 Vi when i ^ j, and Vu = v, 0 Vi. 
Then 

{Vij | 1 < i < j < d} 

is a basis for S 2 (V), such that for every i,j, is a (A/Aj) -eigenvector for g in its 
action on S 2 (V). 

Proof. By the comments above, both Vi®Vj,Vj®Vi are (AiAj)-eigenvectors of gv®v, 
and so any linear combination of the two is itself a (AiAj)-eigenvector. That this 
set forms a basis is clear by comparing dimensions. □ 

We often consider the matrix of a given g £ G in its action on multiple bases. 
For this reason we introduce the following notation: if g £ G and 3$ is an ordered 
basis for V, then g$g denotes the matrix of g with respect to S8\ if bi, bj £ 38 then 
and (/h 1 b 2 denotes the coefficient of 62 in the expansion of bi 9 (in the case that our 
basis is indexed in the usual way, this is the (*,j)-entry of ggg). 

Let V be an FG-module, and let 38 := {bi \ 1 < i < d},38' = {&( | 1 < i < d} be 
bases for V, such that for every i, there exists c* £ F* := F\{0} such that b\ = c/fej. 
Then for every g £ G and for all i,j, we have gvy. = —gtubj- If : V —> W is an 
isomorphism of FG-modules and Y is a basis for V, then Y v is a basis for W, and 
for all v, w £ Y, g £ G, we have g v v w v = g vw . 

If instead IF is a G-invariant subspace of V, then the quotient space V/W := 
{t> + W | v £ V} is an FG-module of dimension dim V — dim IF, with the action of 
g £ G defined by (v + IF) 9 = v 9 + IF. Moreover, suppose that quo w : V —> V/W 
is the natural quotient map u4» + IF, and e, / £ V are basis vectors such that 
(e, /) n IF = {0}. Then for every g £ G, we have that g e j = 5quo(e),quo(/)- Finally 
suppose that e,f£Y are basis vectors such that e, / £ IF. Then for every g £ G, 
we have that g e f = ( gw)ef ■ Just as we may seek normal subgroups of groups by 
defining homomorphisms and inspecting their kernels, we will construct submodules 
of FG-modules by considering the nullspaces of certain maps: if T is a G-invariant 
linear form on an FG-module IF, then the kernel of T is an FG-submodule of IF. 
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Lemma 2 . 2 . Let G be a group, W be an FG-module, and let T be a G-invariant 
linear form on W (that is, a linear map W —► F), and let g £ G. If gw has an 
eigenvalue A ^ 1 in F, then the X-eigenspace of g is contained in the kernel ofT. 

Given the matrix of a group element g £ G in its action on a module V with 
respect to a fixed basis (as is always the case when dealing with a computer rep¬ 
resentation of a group), we may easily construct corresponding matrices for the 
actions of g on V (g> V and S 2 (V): 

Lemma 2.3. Let G < GL(V'), and let "V := {uj | 1 < i < d} be a basis for V. Let 
g £ G, and write gij = g Vi Vj ■ Define v%j as in Lemma [2A\ Then 

(1) 9vi®vj,vk®vz 9ik9ji> foi" an y L 3i k,£ £ [1.. ■ d], and 
(ii) for 1 < i < j < d, 1 < k < i < d, we have 

9vij,v ki = 9ik9ji T (1 Su)gu9jk- 

Proof. By definition we have 

d d 

{Vi ® Vj) 9 = V 9 ®V 9 = (^2 gikVk) ® 9jtVl) 
k =1 e=i 

d d 

= EE(» ikgjf)vk ® ve, 

fe=i i=i 

and (i) follows. For (ii), observe that, for i ^ j, we have 

(Vi ® Vj + Vj <S> Vi ) 9 = v f ® v 9 + v 9 <g) v 9 
d d 

= EE(« ik9jl + gjk9it)Vk ® Vi 

fc=1 1= 1 

Since switching k,£ does not change the value of gik9ji + 9jk9u , we have 

d 

(v i ®Vj+v j ®v i ) 9 = ikgjt + 9jk9ii){v k ®v e +v e ® V k ). 

k =1 t>k 

The proof when i = j follows by an identical argument. □ 

3. Special Elements and their Eigenstructure 

3.1. Singer Cycles (Motivation). In |14j, Magaard, O’Brien & Seress exploit 
the eigenstructure of Singer Cycles in G = SL(d, q) in their action on small degree 
F 9 G'-modules to produce their algorithm for rewriting. In other Classical groups, 
such elements cannot always be found. A Special Element has many of the same 
properties: in essence we define a Special Element as a ‘good enough analogue’ to 
the elements exploited in [14] . Special elements act irreducibly on a subspace of V 
of large dimension, and have large order (in both of these respects, the meaning of 
‘large’ is dependent on our needs). 

Let q be a prime power, and d a positive integer. Then a prime r is called a 
primitive prime divisor (ppd) of q d — 1 if r | (q d — 1 ); and for 1 < e < d, we have 
r \ ( q e — 1). A Singer Cycle in GL(d, q) is an element of order q d — 1: we identify 
such elements with primitive elements of the extension field F q d. For 1 < d! < d, 
An element s £ GL (d,q) is called a ppd(d, < 7 ; d^-element if o(s) is divisible by a 
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primitive prime divisor of q d — 1 . 

If s is a ppd(d, q; d , )-element, then the characteristic polynomial c s (t ) of s has an 
irreducible divisor / of degree d', and acts irreducibly on a unique d'-dimensional 
subspace Vf of V (the /-primary component of V [5]): in the case of Singer Cy¬ 
cles, c s (t) is irreducible and Vf = V. Some subgroups of GL (d,q) have no Singer 
Cycles, and so we must settle for d' as large as possible (in the worst case, dl = d— 2). 

The fact that c s (t) has a high degree irreducible divisor may seem, at first, bad 
news for any attempt to exploit the eigenstructure of s - after all, eigenvalues will 
arise when the divisors of c s (t) have smallest degree, not largest. However, an irre¬ 
ducible divisor of c s (t) of degree d' gives rise to d' distinct eigenvalues in the action 
of s on Vk = V ® K, where K = ¥ qd ' . Moreover, these distinct eigenvalues (and, 
consequently, their eigenvectors) form an orbit of the action of the Frobenius map 
g : x i— y x q of the extension K/F. 

Lemma 3.1. If s £ GL (d,q) acts irreducibly on V, then the eigenvalues of s on 
Vk are 

{U = A 9 '" 1 | 1 < * < d} 

for some A £ K with o(A) = o(s), and there exists a basis S{s, V) := {e; | 1 < i < d} 
of Vk such that for all i, we have that {ef) is the eigenspace of ti, and e i = G+i 
for every i £ [1... d — 1], and ef = e\. That is, we have ef = e reSd (i+i), for all i. 

Proof. By [T2l Theorem 2.14], since the characteristic polynomial of s is irreducible 
of degree d over F, the eigenvalues of s in Vk (which are precisely the roots in K 
of the characteristic polynomial of s) are as asserted and the ti are distinct. Thus 
there are d eigenspaces of dimension 1 in Vk- Fix an eigenvector ei of t\, such that 
the first nonzero entry of ei is 1 , and for each i with 2 < i < d, set := ef 
Then for each i, since s £ GL(Vp) and is therefore fixed under the action of a: 

el = ef s = (ei s) a = ( £iei) a = t\ e^— tiei, 

and so e, is an ^-eigenvector for s as required. 

Moreover, since t q d = \ qd = A = t\, we have that e d £ {ef), that is, e d is a 
scalar multiple of ei. Since ei has its first nonzero coordinate equal to 1, and since 
the action of a fixes this coordinate, we have e d = e\. □ 

Corollary 3.2. Let s £ GL (d,q), and suppose that there exists a d!-dimensional 
s-invariant subspace U of V, such that s acts irreducibly on U. Then s|c/ has d' 
eigenspaces of dimension 1 in Uk, and there exists a basis S' = {ei | 1 < i < d'} 
for U K such that ef = e reSd , ( i+ i). 

Definition 3.3. Let G be a classical group of rank r as in one of the lines of Table 
[2] Let d' be as in the 4th column of the corresponding line of Table [2] Then an 
element s £ G is a special element if s is a ppd(d, q; d'/element, and there exists 
an s-invariant decomposition V = U © U' such that dimt/ = d'\ and o(s|{/) is a 
multiple of the value in the 5th column of the appropriate line of Table [2j and if 
d' < d, then o(s|r/') is equal to the value in the 6 th column of the appropriate line 
of Table [2j 
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Case 

d 

G 

<£ 

o(«|u) 

o(s|u') 

Conditions 

A r 

r + 1 

SL(d, q) 

d 

1 1 

- 

- 

2 A r 

r + 1 

SU (d,q) 

d 

v/9 d + l 
v^+1 
>/?*' +1 
v^+1 

- 

d odd, q square 




d — 1 

1 

d even, q square 

B r 

2 r + l 

SO (d,q) 

d- 1 

q d ’/ 2 + 1 

1 


C r 

2 r 

Sp (d,q) 

d 

q d ' 2 + 1 



D r 

2 r 

SO +(d,q) 

d- 2 

q d '/ 2 + 1 

q +1 


2 D r 

2 r 

SO ~(d,q) 

d 

q d I 2 + 1 




Table 2. Properties of Special Elements of Classical Groups 


Remark 3.4. We frequently refer to our procedure Initialise ‘searching for 
special elements’, but this is not strictly true. Special elements, as in Definition 
13.31 are merely a subset of the elements that Initialise can use: in practice 
we may use elements with smaller order than the values in Table [2] (i.e. certain 
powers of special elements), but the proof that such elements are suitable is neither 
interesting nor illuminating, and adds no value to the analysis of our algorithms. 
In practice we may essentially ‘replace’ the appearances of q d / 2 + 1 in Table [2] with 
q d '/ 2 +1 

gcd(< 3 +l,<j d '/ 2 + l)' 

The subspace U in Definition 13.31 is uniquely determined by s, and s acts irre- 
ducibly on U; if d' < d , then s also acts irreducibly on U' as a consequence of the 
condition on o(s|j//). Our ultimate goal is a basis for Vl, where L is an extension 
field of F satisfying certain conditions: we define these conditions below. 

Definition 3.5. Let G be a classical group over F, let V be the natural FG-module, 
and let a be the Frobenius automorphism of K/F , where K is an extension of F 
of degree d! as given in Table [U Let & := {/* | 1 < i < d} be a basis for V: then 
we say & satisfies the almost-a-relations for V if the following hold: 

(i) for 1 < i < d' — 1 , we have that f? = f i+1 , and /£ e </i>; 

(ii) if d' = d — 1 , then f d = f d \ and 

(hi) if d' = d — 2 , then = f d and ff = /<*_i. 

If, in addition, we have f d , = /i, then we say & satisfies the a-relations for V. 

We now describe explicitly the eigenstructure of a special element on Vk- 

Lemma 3.6. Let G be a classical group of rank r, let d' be as in Tabled and let 
s £ G be a special element. Let K = , and let U, U' be as in Definition \3.3l 

Then the eigenvalues of s in its action on Vk are 

{£i | 1 < i < d}, 



-1 


where 


for 1 < i < d', 
for d! < i < d, 
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for A, fx £ K satisfying A = o{s\u),p = o(s|t/') as in the 5th and 6th entry respec¬ 
tively in the appropriate line of Tabled Moreover, there exists a basis 

<S := S(s, V ) := {e* := e s y ti | 1 < i < d} 

such that <S satisfies the a-relations for V as in Definition \3.5\ 

Proof. If d' = d then the result follows immediately from 13. ll If d' = d — 1, then 
by definition we have o(s|[//) = 1, and so s acts trivially on U'\ that is, Id = 1 is 
an eigenvalue of s, and the result follows from this fact and Corollary 13.21 since s 
acts irreducibly on both U and U'. 

If d' = d — 2, then s|y/ e GL(2 ,q) has order q + 1, and hence acts irreducibly 
on U' (since all proper nontrivial subspaces of U' are 1-dimensional), and the result 
follows by applying Corollary 13.21 separately to U and U'. □ 


4. Arithmetic 

In this section we prove a series of results in modular arithmetic which will be 
used in Section [5] below. These results have been separated so that the later re¬ 
sults, which are more relevant in the bigger picture, are not obfuscated by these 
long, repetitive and technical proofs. 


By Lemma 12.11 the multiset of eigenvalues of a special element of a classical group 
G in its action on the tensor product (V V)k is the multiset 

s : = {4,- I y'e {l,..., d}}, 

where each £ij is an element of K = ¥ a i , and is the product of a pair of eigenvalues 
of s in its action on Vk as described in Lemma [5.111 below (note that the details 
of this are not required for the results in this section, except as motivation). This 
multiset has size d 2 , but contains repeated values: in all cases, for example, we have 
tij = Iji. In this section we provide necessary conditions for other coincidences to 
occur. 


Proposition 4.1. Suppose q is a prime power, that d' £ Z with d' > 4, and suppose 
there exists j, m,n 6 Z, with 1 < j < d'/ 2, 1 < m < n < d' and satisfying 


( 1 ) 


1 + - 9 m_1 - 9" _1 = 0 (mod —--i). 


q~ 1 


Then m = 1 and n = j. 

Proof. For all such j, m, n, we have 


1 + q- 7-1 - q m ~ Y - q n ~ x < 1 + /Z 2 " 1 - 1 - 1 = -1 + / /2 < 


q d ‘ - 1 

<7-1 ’ 


and on the other hand, 


1 + g- 7 ” 1 - q m ~ Y - q n ~ X >2- /- 1 - q d '~ 2 = ^ 2 + 2 -^ - - 

q~ 1 

and so we have equality in ©. not just equivalence modulo q q _i ■ Thus 

1 + qi - 1 = q ™- 1 + g "- 1 


r,d' 
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and reducing modulo q we have that m = 1 , from which it immediately follows that 
n = j. □ 

We now address the ‘hard case’, where d! is even and o(A) is q d / 2 + 1. We seek 
solutions to the equation 

( 2 ) 1 + tf- 1 + e ™?™'- 1 + e n q n '~ 1 = t(q d '' 2 + 1 ) 

for integer values of j, m', n’, e m , e n , t with 1 < < d!/2 , e m ,e n £ {— 1 , 1 }. 

We make an important distinction here: due to the fact that the Symmetric Square 
module contains the Alternating Square module when q is even (and therefore we 
do not consider it in this paper), we need not consider the case that j = 1 when q 
is even. For completeness (and for future use) we still consider the cases that apply 
to the Alternating Square (i.e. q even and j ^ 1). 

Lemma 4.2. Suppose q is a prime power, that d! £ Z is even with d! > 6 , and 
suppose that j,m!,n',e m ,e n ,t £ Z, with 1 < < d'/2, e m ,e n £ {±1}, and 

(m',e m ) ^ (n',e n ), satisfy ( 0 ). 


Then t £ {0,1}, and if t = 1 then q = 2, and up to switching m,n, we have 
that j = ^— l,£m = l,m' = tt— 1 , e„ = l,n' = y. 

Proof. Since the pair (m', e m ) ^ (n',e n ), we have 

9 cZ'/2—1 d’ 12— 2 ^ i I — 1 i c -T+ — 1 i c r, n '~ 1 ^ 1 i r,d' / 2 — 2 , 9 d! 12— 1 

2 — 9 ~q <1 + 9 + e m 9 + e „9 <1 + 9 + 2q ' , 

and so 

2 _ g +/ 2 -l _ q d'/ 2-2 1 + g d'/ 2-2 + 2 // 2-1 

gd '/ 2 -|-1 — — g d '/2 -(- 1 

It is readily checked that the upper bound is less than 1 if q > 3, and less than 2 if 
<7 = 2, while the lower bound is greater than —1 for all q. Suppose that t = 1: then 
q = 2 (we continue to write 9 ), and d 2 j is 


n m — 1 


*' — !=//2 + 1 . 


I I — J- I ^ _.7?<r —-L I ~7 1 ^ 

+ q J + £m9 + e n9 — 9 

Now the largest value the left hand side can take is when j = d'/2,e m = e n = 
1 , m! = d'/2 — l,n' = d'/ 2 , and in this case we have 

l+q j ~ 1 +e rn q rn '~ 1 + e n q n '~ 1 = 1 + 2 q d’/ 2 -i +q d'/ 2-2 = 1+q d'/ 2 +q d'/ 2-2 > 1+q d ’/2 

The next-largest value is attained when j = d'/2 — l,e m = e n = 1 ,m' = d'/2 — 
l,n' = d!/2: in this case 

1 1 n 3 ~ 1 1 c 1 1 n —1 -1 1 9 d r / 2—2 1 d ' 12 — 1 i , 9 d r / 2 — 1 1 , d / /2 

1 + <r + + e n g = 1 + Zg 7 + g ' =l + zg / = 1 + g ' . 

This is precisely the solution given. All other combinations of j,e m ,m',e n ,n' give 
smaller values for the left hand side, and so cannot yield solutions. □ 


Proposition 4.3. Suppose q is a prime power, that d! £ Z is even with d' > 6 , 
and suppose that j , m ', n! , e m , e n £ Z, with 1 < j, m', n' < d'/2, e m , e n £ {±1}, and 
(?n',e m ) / (n',e„), safe/?/ 

(3) l + 9 J - 1 +em 9 m '^ 1 + en 9”'- 1 = 0 (mod 9 d ' /2 + 1). 

T/ien one of the following holds: 

(i) £m = £n = —1 and { 1 ,/} = {rn , ,n / } (t/ie trivial solution}; 

(ii) 9 = 2, j = y - l,e m = \,m! = ^ - l,e„ = \,n! = 
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(iii) q = 3, j = l,m' = e m = 1 ,n’ = 2,e n = -1; or 

(iv) q = 2 ,j = 2 , 771 ' = e m = 1 ,n' = 3,e„ = -1. 

Proof. Suppose that we are not in case (ii): then by Lemma 14.21 we have equality 
in ©• Reducing modulo q we have 

(4) 1 + qj 1 + e m q m 1 + = 0 (mod q). 

Since (m',e m ) 7 ^ (n',e„) implies e m q m _1 7 ^ e n q n _1 , they cannot both be 1 nor 
both —1, and so the left hand side of ©, when reduced modulo q , is equal to 0,1, 2 
or 3. Since q > 2, only the values 0, 2 and 3 can possibly be equivalent to 0 modulo 
q. We treat each case separately, and refer to the value of the left hand side of © 
after it has been reduced modulo q as the reduced left hand side of ©• 

If the reduced left hand side of © is 3, then q = 3,j = 1 and exactly one of 
e m g m _1 , e n q n -1 = 1, say m! = e m = 1 and n! > 1. Then © yields 

3 + e n q n 1 = 0, 

forcing e„ = —1 ,n' = 2: This is solution (ii). 

If the reduced left hand side of © is 2, then q = 2 and one of the terms in 
the left hand side is 1, say e m < 7 m _1 = 1 (noting that when q is even we have j > 1). 
Then © is 

2 + q J_1 + e n q n -1 = 0 , 

forcing e n = —1, and so 

2 + tf - 1 =q n '~ 1 . 

There is only one way in which l 2 plus a power of 2’ can equal a power of 2: namely 
2 + 2 = 4, and so j = 2, n' = 3. This is solution (iii). 

Finally, if the reduced left hand side of © is zero, then j > 2 and one of e m <? m -1 , e n q n -1 
— 1, say m' = 1, e m = — 1 and n' > 1. Then © reduces to 

q j - 1 +e n q n '- 1 = 0, 

and so e n = — 1, n' = j. Thus m = l,j = n, e m = e n = — 1, the trivial solution. □ 

In the case G = SU(d, q), we have that q is a square, and A has smaller order 
than q d / 2 +1, and so we must treat it separately (though we use similar methods), 
and we must solve the following equation, which bears a strong similarity to ©: 
note that in the Unitary case, we have d' odd. 

Proposition 4.4. Suppose q is a square prime power, that d' £ Z with d! > 3, and 
suppose that j,m',n',e m ,e n € Z, with 1 < j,m',n' < (d 1 — l)/2, e m ,e n £ {±1}; 
and 7 ^ (n',e n ), satisfy 

(5) 1 + q j ~ X + + e n q n '~ l = 0 (mod ^ + / ) 

Vd + 1 


Then e m = e n 


1 and {1 ,j} = {m!,n'}. 
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Proof. Suppose that 

1 i „■? — 1 i „m'— 1 i „n' — 1 4 -f ^ 1 

1 + 9 + e m q + £ n q — t — — . 

V v^+ l j 

Now since the pair (m!, e m ) ^ ( n', e n ), we have 

2 _ qid ' -1) 12-1 _ q (d' - 1 ) 12-2 < 1+q j-l +emq m'-l +enq n'-l < l+q (d'-1) / 2-2 +2q (d'-1) / 2 - 1 , 

and so 

i^±i (2 - < t < +1±I (l + + 2,«->/-) . 

Onve again it is simple to check (noting that q > 4) that the left hand side is 
greater than —1, while the right hand side is less than 1. Thus t = 0 and we have 
equality in ([5]) , and the result follows by the arguments in the proof of Proposition 
El noting that the exceptional cases with q not a square do not arise. □ 

For the sake of brevity we state the remaining results of this Section without 
proof: the statements and analysis are similar to the results above, and the full 
proofs (as well as more detailed proofs of the results above) are available in Section 
2.4 of 0] (we will refer the reader to the specific results as we go). 

Proposition 4.5 ([5], Proposition 2.4.13). Suppose q is a prime power, that d! > 8, 
and suppose that t,j,m',e m £ Z, with 1 < j,m! < d! /2, e m ,£ {±1}, satisfy 

(6) 1 + qi- 1 + e m q m '~ x = 0 (mod q d>/2 + 1). 

Then q = 2, and one of the following holds: 

(i) d' = 10, j = 3, e m = —1, m! = 5 (that is, 3 x (1 + 4 — 16) = —32 — 1 ); 

(ii) j = 1, e m = —1, m! = 2 (that is, 3 x (1 + 1 — 2) = 0 ); or 

(iii) d' = 10, e m = 1, { j, m'} = {2,4} (that is, 3 x (1 + 2 + 8) = 32 + 1). 

Proposition 14.51 solves the issue of whether eigenvalues of the form £ij, £ s rn t can 
be equal, in the case d! = d — 2 below. In the case d! = d — 1, we must compare 
eigenvalues of the form 

Corollary 4.6 ([3], Corollary 2.4.14). Suppose q is a prime power, that d' > 8, 
and suppose that j,ml,e m € Z, with 1 < j, m! < d!/2, e m £ {±1}, satisfy 

(7) 1 + tf- 1 + emq™'- 1 = 0 (mod q d '' 2 + 1). 

Then q = 2, j = 1, e m = —1 ,m' = 2. 

Proof. Multiplying by (q + 1) implies that J6]) holds, and so the result immediately 
follows by testing the solutions found in Proposition EU of these, only (ii) satisfies 
( 0 . ’ □ 

Once again we must treat the Unitary case separately: 

Corollary 4.7 ([3], Corollary 2.4.15). Suppose q is a square prime power, that 
cl ^ 5. Then there is no j, m , e^yi £ Z,, ujxth 1 ^2 J , m Si (d 1) /2, £ {±1}, 

satisfying 

1 + q^ 1 + e m q m '~ 1 = 0 (mod ^ j_ + 1 ). 

y/Q 1 -I- 


(8) 






12 


B. CORR 


5. The Eigenstructure of Special Elements on (V <g> V)k 

In this section we determine the precise eigenstructure of a special element s £ G 
in its action on (V 0 V)k, which will enable us to determine the eigenstructure 
of s in its action on S 2 (V)k- This eigenstructure is the crux of the procedures 
Initialise and FindPreimage. Throughout this section, define resd'(*) as the 
unique integer j such that 1 < j < d! and j = i (mod d'). 

5.1. Coincident Eigenvalues lij . There are two ways in which eigenvalues lij 
may coincide: there are cases where lij = 1 (leading to a nontrivial fixed-point 
space of s), or where two eigenvalues are not 1, but coincide anyway. 

Lemma 5.1. Let A £ K, let li = X q for 1 < i < d!, and let lij = lilj for 
1 < i < j < d 7 . Suppose that the order of X is divisible by a primitive prime divisor 
r of q d — 1, and suppose for some integer t, not divisible by r, we have l\j = 1. 
Then d' is even, and j — i = d'/2. 

Proof. If l\j = 1 then 1 = X t ( qi ~ 1+qj ~ 1 ' ) = \ tqi ~ 1 ( 1 +<^~ i ) f S o r divides tq i ~ 1 (l+q j - i ). 
Since r does not divide q or t , and r is prime, it follows that r | (1 + and 

so r divides q 2( b -1 ) — 1. Since r is a primitive prime divisor of q d — 1, it follows 
that d’ | 2{j — i), and since 0 < j — i < d!, we have 0 < 2 (j — i) < 2d' and so 
2(j ^ i) = d'. ' □ 

Lemma 15.11 with t = 1, is crucial in determining when a special element s has 
an eigenvalue 1. Note that Lemma 15. II provides only a necessary condition, and not 
a sufficient condition: in some cases, the eigenvalue l\ } d'/ 2+1 may be different from 
1 (this is dependent on the order of A). 

The existence of a fixed-point space of s in its action on (V 0 V)k may seem 
unfortunate (in the sense that it guarantees that not all of the eigenspaces can be 
1-dimensional). However, in Section [2] we observe that, in all but the Unitary and 
Linear cases, G has fixed points in its action on M(U) = V 0 V, and so these 
products equalling 1 is inevitable - we cannot hope to find an element in G with 
no fixed points. 

We now address coincidences among the lij other than those corresponding to fixed 
points: we seek pairs {i,j), ( m,n) such that lij = l m n■ We begin by exploiting the 
symmetry of the problem under the action of cr as much as we can. 

Lemma 5.2. Suppose q is a prime power, and d' an even integer with d' > 6. Let 
I\ = ¥ d >, let X £ I\, and suppose that o(A) is divisible by a primitive prime divisor 

r of q d ' — 1. Let li = X q ' 1 , for 1 < i < d', and let lij = lilj for 1 < i,j < d!. 
Suppose that there exist integers i,j, m,n € {1,..., d'}, satisfying 

l - — l 

t'lj — ^ mn • 

Then at least one of the following holds: 

(i) {*,j} = {m,n}; 

(ii) d' is even, and res d'{j — i) = res d'(n — m) = d'/2; 

(iii) There exist integers k , s, t , a, with 1 < k < d’/2, and 1 < s < t < d!, such 
that l\}z 1st ? and lij — 1 j^. 


A LAS VEGAS REWRITING ALGORITHM FOR THE SYMMETRIC SQUARE REPRESENTATION OF CLASSICAL GROURS 


Proof. Suppose that res d'(j — i) = res d'{n — m). Then setting t' = res wif — m), we 
have res d'{m + t') = i , and res d'{n + t') = res d'(n — m + i) = res d’{j — i + i) = j, 
and so 

^rnn = £m+t' ,n+t' = £ij — £mn■ 

Thus £ q nr f 1 = 1. If t' = d! then m = i,j = n and we are in case (i). Assume t' < d': 
then since r is a primitive prime divisor of q d — 1, r does not divide q* — 1. Then 
by Lemma T5. 1 1 (with t = q l — 1), we have resd'(n — to) = res d'(j — i) = d' /2. 

Suppose, then, that res d'{j — i) 7 ^ resd'(n — to) and so at least one of res d’{j — 
i),resd'(n — to) is distinct from d 1 / 2, and at least one is distinct from d!. If 
resd'(j — i) = df/2, or if res d’{n — to) = d! then we switch {i,j} with {m,n}: 
then we may assume that res d'{n — to) d' and res d'{j — i) 7 ^ d!/ 2 . 

If res^ (j — i)< d'/2, then setting k = res # (j — i + 1), and a = res # (* — 1), we have 

£% = iij + = h,j-i +1 = £\k- Set {s,f} = {res d '{m - i + l),res d /(n - i + 1)}, 

with s, t ordered so that s < t. Note that since res d’{n — to) 7 ^ d! we have to 7 ^ n, 
implying that s 7 ^ t. Then £ij = £ q k , 

£lk == ^rnn = £mn = £m—i+l,n—i+l = £st , 

and k = res<j'(j — i + 1 ) < d '/2 + 1 , and so k < d'/2 as required. 

On the other hand, if res d'{j — i) > d'/ 2, then res d>{i — j) < d'/2. Then setting 

k = res d'{i~j) + 1 , and a = res d >(j - 1 ), we have £h = ^ " + = U-j+ 1,1 = hk- 
Set {s, t} = {resd '(to — j + 1), resd '(n — j + 1)} with s, t again ordered so that s < t. 
Then we have ^ = £ q k , t\k = £ s t, and again k < d '/2 as required. □ 

The upshot of Lemma l5.2l is that in our search for coincidences £ij = £ mn among 
our eigenvalues, we may assume without loss of generality that i = 1 ,j < d '/2 and 
to 7 ^ n. The first case we deal with is the Linear Case, where the order of A is 
largest: 

Lemma 5.3. Suppose q is a prime power, and d' an integer with d' > 4. Let A € K 

d f t i _1 

have order a multiple of q . Let £i = X q , for 1 < i < d', and let £ij = £i£j 
for 1 < i < j < d!. Suppose there exist integers j,m,n such that £ij = £ m n, with 
1 < j < d '/2 and 1 < to < n < d', with j 7 ^ 1 if q is even. Then (l,j) = ( m,n ). 

Proof. If £\j = £ mn then \ l+ql 1 -i rn = 1 , and hence 

1 + - 9 m_1 - d n ~ l = 0 (mod -). 

9-1 

This is a solution of equation ©, and the result then follows from Proposition 

m □ 

In all other cases things are more difficult, and most of Section 0] is devoted to 
aspects of the proof that the £^ rarely coincide. 

Lemma 5.4. Suppose q is a prime power, and d' an integer with d' > 6 . Let 
A £ K have order q d / 2 + 1. Let £i = X q , for 1 < i < d', and let £ij = £i£j 
for 1 < i < j < d!. Suppose there exist integers j,m,n such that £\j = £ mn , with 
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1 < j < d!/2 and 1 < m < n < d', with j ^ 1 if q is even. Then one of the 
following holds: 

(i) {1 ,j} = {m,n} (the trivial coincidence,); 

(ii) q = 2, j = d'/2 — l,m = d! — l,n = d; 

(iii) q = 2, j = 2, to = d'/ 2, and n = 3; 

(iv) q = 3, j = 1, to = 2, and n = d' /2 + 1. 

Proof. Solutions to tdj = are integer solutions to the equation 
1 + — g m_1 — q n ~ x = 0 (mod o(A)), 

for 1 < j < d' / 2, and 1 <m<n< d'. Now if m > d' /2, then 
q m ~ 1 = q ™-d'/2-l( q d'/2 + _ q m-d’/2-l^ 

and so 

g ™- 1 = ( mod g d '/2 + !). 

The same argument holds if n > d 1 /2, and so we have 


1 + q 3 1 + e m q 


,m — 1 


+ e n q n '- 1 = 0 (mod q d '' 2 + 1), 


where 


and 


m 


when m < d' / 2 
m — d'/2 when m > d'/ 2, 


and 




— 1 when m < d'/2 
+1 when m > d! /2, 


n are defined likewise. Note that while m' may be equal to n ', since 
m < n, we have (e m , m 7 ) ^ (e n , n') 1 and all of j, m', n! lie between 1 and d'/2. That 
is, (J, m', e m , n', e n ) is a set of solutions to equation 


1 + q J 1 + e m q 


,m' — 1 


+ = 0 (mod q d '^ + 1). 


This is precisely m in Section [4) and the result follows by Proposition 14.31 □ 

Note here that the solutions (ii), (iii) in Lemma [5.41 are essentially ‘the same’ 
coincidence: one can be obtained from the other by switching (1, j) with (to, n) and 
cycling under the action of a. We now address the Unitary case: note here that 
d' is always odd (see Table 13, and so d!/2 is not an integer. Thus when Lemma 
m allows us to assume that j < d'/ 2, we may strengthen this to assume that 
3 < (<*' - l)/2. 


Lemma 5.5. Suppose q is square a prime power, and d! an odd integer with d' > 3. 
Let A € K have order v ^- + f L 1 . Let U = \ q , for 1 < i < d', and let lij = l^lj 
for 1 < i < j < d'. Suppose there exist integers j,m,n such that t\j = £ m n , 
with 1 < j < (d! — l)/2 and 1 < to < n < d', with j ^ 1 if q is even. Then 
(1 ,j) = ( m,n ). 

Proof. Define e m , m' , e ra , n' as in the proof of Lemma [5.4l above: then by an identical 
argument, since o(X) \ ( q d '^ + 1) (where q d '^ denotes v / q d ), we have that g m_1 = 
” 1 modulo o(A), and so a solution to t\j = l m n corresponds to a solution to 


1 + q 3 1 + e m q 


m '- 1 + e n q n '- 1 =0 (mod ^ + / ). 


v^ + l 

This is precisely equation (0 in Proposition 14.41 and the result follows. 


□ 
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We now address the possibility of coincidence which are specific to the cases 
d! = cL — 2, d — 1. 

Lemma 5.6. Suppose q is a prime power, and d' an even integer with d'/2 > 3. 

Let K = F d i, let A £ K, and let p £ K have order q + 1. Let = \ q , for 
1 < i < d', let mi = g.,m 2 = [i q , and let lij = lilj for 1 < i, j < d'. Suppose that 
there exist integers i,j, k £ {1,..., d'}, and t £ {1, 2}, satisfying 

lij — l k m.f • 

Then there exist integers r , s, n , a, with 1 < r < d!/2 ,1 < s < d!, 1 < n < 2, such 
that £ir = f s m„, and lij = l\ r . 

Proof. Set r = min-fres^/ (j — i + 1), res d'{i — j + 1)}: ifr = res d'{j — i + 1), then 
we have £ q lk = ii+i-\^+i-i = Ijj, and so setting a = d r — i + 1, we have that 
ilk = lij , and 

ilk = ijj = (f'fcUp j ^ = lres d , (k+a)^reS 2 (t+a) • 

Then setting s = resw(k + a),n = res 2 (t + a ), the result holds. When r = vesw(i — 
j + 1), the result holds by an identical argument, with a = d' — j + 1. □ 

Lemma 5.7. Suppose q is a prime power, and d' an even integer with d'/2 > 3. 

Let A £ K have order q d / 2 + 1, and let /i £ K have order q + 1. Let it = \ q , 
for 1 < i < d', let mi = p q for 1 < * < 2, and let lij = Ijlj for 1 < i < j < d!. 
Suppose there exist integers j,s,t such that lij = l s mt, with 1 < j, s < d! and 
l < t < 2, with j ^ 1 if q is even. Then q = 2, and one of the following holds: 

(i) d' = 10, j = 3,e m = —1, m! = 5; 

(ii) j = 1 ,e m = —1) na' = 2; or 

(iii) d! = 10, e m = 1, {j, m'} = {2,4}. 

Proof. Since o(/x) = q+ 1, we have that If^ 1 = ( i s m t ) q+1 = l q+1 , and so A^ 1-1- ^ 1 )(«+ 1 ) = 
A«‘ _1 (« + 1); that is, 

(1 + q 3 - 1 - q 8 - 1 )^ + 1) = 0 (mod q d ' /2 + 1). 

As in the proof of Lemma 15.41 set 

, f s when s < d' 12 f —1 when s < d! 12 

s = < , , , , and e s = < 

ys — d /2 when s > d' /2, j^+1 when s > d /2, 

and we have that e s q s _1 = — q s ~ l modulo q d ! 2 + 1, implying 

(1 + tf- 1 + e s g s _1 )(l + q) = 0 (mod / /2 + 1). 

This is precisely equation (0, and the result follows by Proposition [475] □ 

Lemma 5.8. Suppose q is a prime power, and d! an even integer with d'/2 > 3. Let 
I\ = F , and let A £ K. Let li = \ q , for 1 < i < d!, let mi = fi, m 2 = pfl, and 
let lij = liij for 1 < i, j < d!. Suppose that there exist integers i,j, k £ {1,..., d'}, 
satisfying 

lij l-k • 

Then there exist integers r, s , a, with 1 < r < d'/ 2,1 < s < d', such that li r = l s , 
and lij = l\ r . 
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Proof. This follows immediately by the same proof as Lemma 15.61 replacing /i with 

1 . □ 

Lemma 5.9. Suppose q is a prime power, and that d' is an even integer with 
d! > 6. Suppose that A £ K has order q d / 2 + 1, let U = \ q for 1 < i < d', and 
let £%j £; £j • 


Suppose there exist integers j, s,t such that i\j = l s , with 1 < j < d' / 2, 1 < s < d!, 
with j ^1 if q is even. Then q = 2, j = 1, e m = — 1, ml = 2. 

Proof. By an identical argument to the proof of Lemma 15 . 71 above (without raising 
to the (q + l)st power), we have that 

l + q^ 1 +e s q s '~ 1 =0 (mod// 2 + 1) 

where s', e s are as defined in the proof of Lemma l5.7l Then j, e s , s', q, d' are solutions 
to the equation 0 in Section U Then the result follows from Corollarv l4.6l □ 

Once again we must treat the Unitary case separately. 

Lemma 5.10. Suppose q is a square prime power, and that d! is an odd integer 
with d! > 3. Suppose that A £ K has order a multiple of v ^ + f L 1 , let £i = X q for 
1 <i < d' , and let tij = tilj ■ 


Then there do not exist integers j, s,t such that l\j = i s , with 1 < j < (d' — l)/2 ,1 < 
s < d!. 


Proof. Again by an identical argument to the proof of Lemma 15.71 we have that 


1 + q q ~ x + esq 8 '- 1 = 0 


(mod 


V^' + K 

v^ + l 


where s', e s are as defined in the proof of Lemma HTTl Then j, e s , s', q , d' are solutions 
to the equation © in Sectional Then the result follows from Corollary 14. 71 □ 


Lemma 5.11. Let G be a classical group as in one of the lines of Tabled and let 
s £ G be a special element as defined in Defi,nit/i,on \3.3[ with eigenvalues {£j | 1 < 
i < d} as in Lemma \3.6l and let $(s, V) = {ej | 1 < i < d} be as defined in Lemma 
\3.(A Suppose that in the Linear and Unitary cases, we have d > 4; in the remaining 
cases with d! = d we have d' > 6; in the cases d' = d — l,d — 2 we have d' > 8. 

Then the eigenvalues of s in its action on (V ® V)k are 

{£ij := tdj | 1 < i < j < d}, 

and the following hold: 

(i) if = 1 then either d! = d — 1 and i = j = d; or d! = d — 2 and 

{i,j} = {d— 1, d}; ori< d!,j < d!, Tesd'(j-i) = d' /2, and G is Symplectic 
or Orthogonal; 

(ii) for each pair ( i,j ) with 1 < i < j < d, the lij-eigenspace of s in its action 
on ( V < 8 > V)k contains the tensor products e, <g) ej, ej ® ej/ and 

(iii) the £ij-eigenspace of s in its action on (V <g> V)k precisely (e* ® ej, ej ® 
ef), except when lij = 1 and G £ {Sp(d, q), SO e (d, q)}; or when G £ 

{Sp(d, 3), SO e (ci, 3)}, andresd'{j—i) £ {d r , d'/2+1}; or when G £ {Sp(d, 2), SO e (d, 2)} 
and res d>(j — i) £ {1, d'/2 — 2}. 
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Proof. By Lemma lOl if tij = 1 and 1 < i < j < d! then d! is even and res d'(j — i) = 
d!/ 2. Since (when d' = d — 2) for /i £ K of order q + 1 we have that g? d 1, the 
only other possible pairs giving tij = 1 are those listed. In the Linear case we have 

that o(s) > an d so ^i,d'/2+i = A qd /2+1 / 1, and so 1 is not an eigenvalue. In 
the Unitary case, we have that d! is odd, and so tij = 1 only if i = j = d, and so in 
this case the eigenspace of 1 is precisely {ea ® e^}. In all other cases when Uj = 1, 
the eigenspace of 1 has dimension greater than 1. Thus (i) is proved, (ii) follows 
from Lemma l2.ll and (iii) follows from (i), and from Lemma 1 5.2 1 and Lemma 15.31 in 
the Linear case; Lemma |5.21 and Lemmas I5.4U5.5I in non-Linear cases with d' = d; 
Lemma [5781 and Lemmas l5.9l 15.101 when d' = d— 1; and Lemma PTTGl and Lemma [5771 
when d' = d — 2. □ 

Having completely described the action of a special element on (V ® V)k, we 
turn to the submodule S 2 (V). The eigenstructure of a special element’s action on 
S 2 (V)k and can be ‘read’ directly from Lemma 15. 11 1 using Lemma [2~il in the next 
section, we provide concrete links between the action of an arbitrary g £ G on 
various bases for S 2 (V)k (and hence its irreducible constituents). 

6. The Action of a Special Element on the Symmetric Square S 2 (V)k 

Lemma 6.1. Let G be a Classical Group as in one of the lines of Tabled and let 
s £ G be a special element as defined in Defi,nit'i,on \3.3[ with eigenvalues {£i | 1 < 
i < d} as in Lemma, 1 3 . 61 and let $(s, V) = {ej | 1 < i < d} be as defined in Lemma 

m 

Define 

£(s,S 2 {V)) = {e SiS 2 (y),ij | 1 <i<j<d}, 

where 

^s,S 2 (V),ij — ei ej T (1 ® 

Suppose that in the Linear and Unitary cases, we have d > 4; in the remaining 
cases with d! = d we have d! > 6; and in the remaining cases with d! = d — 1, d — 2 
we have d' > 8. Then the eigenvalues of s in its action on S 2 {V)k are 

{tij := £dj | 1 < i < j < d}, 

and the following hold: 

(i) if tij = 1 then i < d!,j < d' and the condition in the 5th column of the 
appropriate line of Table [H holds; 

(ii) for each pair the tij-eigenspace of s contains e s ,s 2 (v),ijt an d 

(iii) the tij-eigenspace of s is precisely {e s ,s 2 (v),ij)> except when either tij = 1 
and G £ {Sp(d, q), SO e (d, q)}; or G £ {Sp(d, 3), SO e (d, 3)}. 

Proof. This follows immediately from Lemma 15.111 and 12.11 (note that the excep¬ 
tional cases in Lemma [5.111 for q = 2 do not apply here as q is odd). □ 

Lemma 6.2. Let G be a classical group, let W be an FG-module isomorphic to 
S 2 (V), and let App w be the set of pairs ( i,j) of integers such that, for any special 
element s £ G, the tij-eigenspace of s in its action on W has dimension 1. Then: 
(i) if G £ {SL(d, q), SU(d, q)}, then d! = d and App^/ = {(*, j) \ 1 < i < j < 
d}; 











18 


B. CORR 


(ii) if G £ {Sp(d, q), SO _ (g?, q)}, q > 5, then d! = d and ( i,j ) £ App^ if and 
only if 1 < i < j < d, and j — i ^ d/2; 

(iii) if G £ {SO°(d, q) for d odd}, q > 5, then d! = d — 1 and ( i,j ) £ App w if 
and only if either 1 < i < j < d', and j — i ^ d'/2; or 1 < i < d' and 

j = d; 

(iv) if G = SO + {d, q), q > 5, then d! = d — 2 and (i,j) £ App^ if and only if 
either 1 < i < j < d!, and j — * ^ d!/ 2; or 1 < i < d! and d! < j < d; or 
d' < i < d and j = i. 

Note that in all cases, if 1 < i < j < d!,j — i ^ d!/2, we have ( i,j ) £ App^. 

Proof This follows immediately from Lemma ICT1 Note that while the eigenvalues 
and eigenvectors depend upon s, the set of pairs (i,j) £ App^y does not. □ 

While the notation e St s 2 (v),ij is cumbersome, there are very many modules and 
bases to consider, and it is sometimes needed for clarity. We will often simply write 
eij when there is no ambiguity. 

Definition 6.3. Let G be a classical group as in one of the lines of Tabled let s £ G 
be a special element as in Definition 13.31 and for 1 < i < j < d, let e,; 7 - := e s ,S 2 { V ),ij 
be as defined in Lemma l6.il Let a be the Frobenius automorphism of the extension 
K/F. 


Suppose that f? = {/„• | 1 < i < j < d} is a basis for S 2 {V)k■ Then J 5 " is 
said to satisfy the a-relations for S' 2 (V r ) if the following hold: 

(i) for 1 < i < j < d' - 1, ff 3 = fi+ij+i; 

(ii) for 1 < i < d! - 1, f° d , = / M+ i, and f G d , d , = /u; 

(iii) if d! = d - 1 then, for 1 < i < d', f G d = fi+i,d , and f/[ d = f d d\ 

(iv) if d' = d -2 then, for i < i < d ', f G d _ 1 = f leSd ,(i+i),d, f° d = /res d ,(i+i),d-i, 
an d fd-l >d -l = fdd,f d _i’ d = fd-l,di and f dd = fd-l,d-l- 

If & has a partial labelling { fi 3 \ fi,j) £ App^} C &, then we say that & satisfies 
the o--relations for App^ if the relations hold for all (i, j) £ Appjy. 

Lemma 6.4. Let G be a classical group as in one of the lines of Tabled let s £ G 
be a special element as defined in Definition 1 3.31 and let <£(s, S 2 (V)) = {e^ := 
e s,S 2 (v),ij I 1 < * < J < cZ} as defined in Lemma \6.1\ Then £(s, S 2 (V)) satisfies 
the a-relations for S 2 (V). 

Proof. The relations follow immediately from the fact that, by Lemma 13.61 the 
er-relations for V (as in Definition 13.511 hold for {ej | 1 < i < d}. □ 

Lemma 6.5. Let G be a classical group as in one of the lines of Table 0 let 
s £ G be a special element as defined in Definition \S.S\. let W = S' 2 (L), and let 
£ = £ (s, S 2 (V )) = {eij | 1 < i < j < d} be as in Definition \6.fA 

Suppose that there exists a basis ^s 2 (V) := J^(s, S 2 (V), £) := {fij := f s ,v,s,ij | 
1 < i < j < d} for Wk such that, for every pair ( i,j ) with 1 < i < j < d, we have 
that f s ,v,S’,ij € (eij), and &s 2 (v) satisfies the a-relations for S 2 {V) as defined in 
Lemma \6.1[ 

Then there exists an extension field L of K of degree at most 2, a basis £Py = 
J?(s,V,J?s 2 (v)) '■= ifi I 1 < i < dj for V L , and a set <£ = ^(s, d? S 2 (v), &v) '■= 
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{cij \l<i<j<d}CL, such that fpy satisfies the almost-a-relations for V, and 
for 1 < i < j < d, we have 

fij = Cij (fi Qi) fj "4“ (1 h-ij ) fj Q:) fi ) ■ 

Moreover, we have that c\\ = 1; and if d! < d, we have C\j = 1 for j > d'. 

Proof. Let Sy := {e^} be as defined in Lemma Id.61 Then since each ff is a scalar 
multiple of e^, there exist constants cL £ K such that f t j = c'^etj. Suppose 
that for every i, we set fi = Ojej, for a* £ L. Then for every i,j, we have that 
fi ® fj = ( aiei ) ® ( ajej ) = ai.aj(ei ® ej), and so 

fi T: fj T (1 Sij ) fj vj) fi — a, o.j (d (S' Cj T (1 Sij)ej S' e: J — o, Oj e,j. 

For 1 < i < j < d', set Cij := cL(ajaj) -1 £ L: then 

Cij (fi S fj T (1 ) fj S fi) = CijCij — fij. 

This holds for all choices of {a.;}, and so we have a great deal of freedom. By m 
Theorem 2.14], we may choose a square root x of c' n in the extension field L/K. 

For 1 < i < d', set ai = x q : then a\ = x 2 = cf 1 , and so cn = c'^af 2 = 1, 
and when i < d !, we have ff = ( aiei) a = ( x q ) q ei+\ = cq+iei+i = fi+\. When 
i = d, we have that = ei, and so f? = a q d f\ £ (/i), and so the almost-u-relations 
hold for i < d'. The other relations follow in a similar way. 

If d' < d, then for j > d', set aj = c'^af 1 : then aia^ = c' lj . and we have 
cij = Cij(aiaj)~ 1 = 1 as required. □ 

The purpose of Lemma 16.51 is to allow a safe ‘transition’ between an action of 
g £ G on S 2 (V)k to an action on Vl (although we will later show that this action 
remains within the confines of Vk)- However, it depends on our ability to find 
the constants , and this is not necessarily possible. There is, at one point in 
the procedure, a square root to be taken, and so a choice must be made, and a 
sign ambiguity introduced. The following result permits us to choose either path 
without regret. 

Lemma 6.6. Let G be a classical group as in one of the lines of Table [H let 

s £ G be a special element as defined in Definition \S.!A let W = S 2 (V), and let 

$S 2 (v) = {Gj \ l<i<j<d} be as defined in Lemma 177771 

Suppose that there exists J?s 2 (V) := { fs,V,<g,ij | 1 < * < j < d},L,JP~y {fi | 
1 < * < d}, ^(s, d?s 2 (V)i &v) = {cij | 1 < * < j < d} as defined in Lemma [675[ 

Then define a basis := {/“ | 1 < * < d} and a set of constants = 
^(s, ^s 2 {V)i dPy)~ := {c“ \ l<i<j<d}cL, as follows: 

(i) for 1 < i < d!, let f~ = (—1 ) l+1 fi; and for i > d' let f~ = fi; and 

(ii) for 1 < i < j < d!, let c~j := (—1 y~ l Cij; for 1 < i < d!, j > d!, let 

c~j := (—1 ) l+1 Cij; and for all other ( i,j ) let c~j := c,y. 

Then for 1 < i < j < d, we have 

fij = c ij (/r ® fj + (! - s L)ff ® /r) ■ 
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Proof. Observe that, for 1 < i < j < d!, we have 

cfj (/r ® fj + C 1 - S n)fj~ ® iT) = (- 1 ) 2j+2 Cii (fi ® fj + (! - hj)fj ® fi) > 

and since 2j + 2 is even, this is precisely /^. When i < d',j > d', we have 

(/“ ® // + (1 - ® /r) = (- 1 ) 2(i+1) c ij (ft ® fj + (1 - 5ij)fj <g> fi ), 

which again is equal to since 2(* + l) is even. If d' < * < j < d then the assertion 
holds trivially by the definitions. □ 

Lemma [6761 allows us to ‘err’ in our search for the values of the Cjj . so long as we 
‘accidentally’ find c~ : in that case, FindPreimage will return the action of g £ G 
with respect to instead of a mistake which is irrelevant to us, and by 
Lemma 16.51 above, is unavoidable. Note that we are only permitted to make one 
mistake: we must compute all of either fo or , and we cannot ‘mix and match’. 

Lemma 6.7. Let G be a classical group as in one of the lines of Table [H let 
s £ G be a special element as defined in Definition 1 3.31 let W = S 2 (V). Let 
<?S 2 (v) = { e ij I 1 < i < j < d} be as defined in Lemma \6.1l and let be 

defined as in Lemma 1 6 . 51 and let be as defined in Lemma 1 6 . 61 

Then for 1 < i < j < d' - 1, we have c?- = c i+1 j +1 and (c~j) q = c~ +l j+1 , 
and hence for 1 < i < d', we have Cu = c£ = 1. 

Moreover, for every g £ G, and for all pairs (i,j),(k,f) £ App^, we have the 
following, where n ijM := g^f^aij = g hfj , a~- = g f - f - : 

(i) The Basic Equations in the Symmetric Square Case hold for (nij,kt )^, (oij ),^~, (a“ ): 

c . . Q~. 

(9) Kij,n = —(aikOjt + (1 - Sij)aua jk ) = -^-(a~ k a~ e + (1 - Sij)aZa~ k ) 

°u c u 

(ii) for 1 < i, j < d' - 1, we have a,T = a i+1 . j+1 , (a“-) 9 = a~ +l j+1 . 

Proof. Since ff = /)+i for all 1 < i < d' — 1, and since Sij = we have, for 

l<i<j<d'-l, that 

fij = (dj (fi ® fj + (1 ~ &ij)fj ® fi)Y 

= C ij (fi +1 ® fj +1 + (1 ~ $i+l,j+l)fj+l ® fi+l) 

= C ij { C i+l,j+lfi+l J + l) > 

and so c\j = Ci+ij+i since, by definition, we have that /?• = / i+l j+1 . Since, by 
Lemma 16.51 cn = 1, we have that Cii = 1 for all i. The relations on c~ follow 
immediately since c“- = (— 

(i) follows immediately from Lemmas 12.31 For (ii), since f° = /)+i for 1 < i < d! — 1, 
and since /f & (f 2 , - , fd ') for i> d', we have that 

/ d \ d'-l 

/r = X) = H a %fi + 1 + 

\.7=1 / i=! 
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for some v $ {f 2 , ■■■, f d >)- On the other hand 

d d— 1 

f - 9 = f !+1 = ai + i dfj = a *+i,t+i/i+i> 

j =1 3 —0 

and so, since f? a = ff 9 , by equating coefficients of /' 7+1 for 1 < j < d' — 1, we 
have = a^+i,_/+i as required. A similar argument shows that the relations hold 
among the a", since {f~)° = ((-l) i+1 ) ff /f = (-l) l+ 7*+i = -/<+!• □ 

Lemma 6.8. Let G be a Classical Group, let V be the natural FG-module, and let 
W be an FG-module such that W = {S 2 (V)*) V , where S 2 (V)* is an irreducible sec¬ 
tion of S 2 (V) of codimension at most 2, and Lp is an isomorphism of FG-modules, 
and let v be a homomorphism of FG-modules such that S 2 (V)* ^ S 2 (VY. 

Let s £ G be a special element, as in Definition \3.3\. let {£ t j | 1 < i < j < d'} 
be the eigenvalues of s in S 2 (V)k, as in Lemma\UA\ Suppose that LFw = {fw,ij I 
(i,j) £ Appjy} U&' is a basis ofWx such that, for every ( i,j ) £ App^, we have 
that fw,ij is an fij-eigenvector for s in Wk, and satisfies the a-relations for 
S 2 (V) for all ( i,j ) £ App^y as in Definition \6.4\ 

Then there exists a basis &s 2 (v ) = {fij I 1 < i < j < d} of S 2 (V)k such that 
dPs 2 (v) satisfies the a-relations for S 2 (V), and for every ( i,j ) £ App^, the follow¬ 
ing hold: 

(i) /g. £ S 2 (V)*; 

(ii) /•J = fiy, and 

(iii) for every g £ G and for all ( i,j),(k ,£) £ we have that 9j i:j f ke = 

dfijfke ■ 

Proof. Note first that v is either the identity map, or the projection of S 2 (V) onto 
a quotient by a subspace fixed pointwise by G. For each (1 ,j) £ App^, choose a 
preimage of /y under v, and set /y to be this preimage. Then for (i, j) £ App^ 
with 2 < i < j < d', set fij := ffl 1 j_ 1 . If d' = d — 1, then for 2 < * < d !, 
set fid ■■= If d! = d - 2, then for 2 < * < d !, set f ld := f°_ ljd _ v and 

set fi, d -i := fi_ ltd ■ Choose a preimage of /£_ 1)d _i under u, set f d - i, d -i to be 
this preimage, and set f dd = f d -id-v Then /y has been defined for all pairs 
(i,j) £ App^y for the remaining pairs with 1 < i < j < d, choose /y such that 
they satisfy the cr-relations for S 2 (V). 

Now for all 1 < i < j < d, we have that /y is an ^y-eigenvector for s in its action 
on S 2 (V), since the maps v,tp preserve eigenstructure, and since the action of cr 
maps £y-eigenvectors to £y-eigenvectors. By Lemma Th. II for every (i,j) £ App w , 
either G = SU {d,q), or ty ^ 1. In the former case, v is the identity map, and so 
jy £ S 2 (V)*. In the latter case, /y is an ^y-eigenvector for £y 1, and so is not 
fixed by the action of s, and so since S 2 (V)* is the kernel a linear form T, we have, 
by Leirirna [2~2l that /y £ S 2 (V)*. 

Since a commutes with p,v, we have, for ( i,j ) £ Appy/ with 2 < i < j < d', 
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that j v y = (fYij-iY* = = fij • By the same argument we 

have that ffS = fij for the remaining ( i,j ) £ Appjy, and so (ii) holds, (iii) then 
follows. □ 

Lemma RT51 ‘lifts’ us from a basis of Wk to a basis of S 2 (V)k■ combining this 
with Lemma 16.71 ‘decomposes’ into one of two bases for Vl for which the Basic 
Equation holds whenever (i, j), [k, tj £ App^. This set of equations is the tool for 
constructive recognition. 

Corollary 6.9. Let G be a Classical Group, let V be the natural FG-module, and let 
W be an FG-module such that W = ( S 2 (V)*Y, where S 2 (V)* is an irreducible sec¬ 
tion of S 2 (V) of codimension at most 2, and <p is an isomorphism of FG-modules. 

Let s £ G be a special element, as in Definition I S.!A let {Yj | 1 < i < j < d'} 
be the eigenvalues of s in S 2 (V)k, as in Lemma\UfJ J Suppose that fp-w = {fw,ij | 
( i,j ) £ App^/} UJT is a basis ofWx satisfying the conditions in Lemma UTB 1 

Then there exists a field extension L of I\ of degree at most 2, a basis JV = 
&{s, V, cFw) = { fv,i | 1 < i < d} of Vl, a set of constants ^ = {cij \ ( i,j ) £ 
ApPwl) a basis SFff = {fy t \ 1 < i < d} and constants = {c“- | (i,j) € App^,} 
as defined in Lemma T 6 . 61 such that, for every ( i,j),(k ,£) £ App^ and for every 
g &G, the following hold, where K ijtk e = gfw,ijfw,ke> a H = 9fv,ifv,^ a ij = 

(i) The Basic Equation m holds; and 

(ii) for 1 < i,j < d' — 1, we have aT = ai+iy+i- 

Moreover, we have cu = = 1 for 1 < i < d!, and if d' < d, we have c\j = 1 for 

d! < j < d. 

Proof. By Lemma [6781 the basis gives rise to a basis & of S 2 (V) satisfying the 
conditions of Lemma T6.71 combining these two results, the result follows. □ 

7. The Algorithm 

In this Section we detail the steps in Initialise and FindPreimage. We first 
must find a Special Element s (by random search), and then find the eigenvalues 
of s in its action on Wk, a basis SFw ’■= {fij I (}, j) £ App^} U ,'F' for Wk of 
s-eigenvectors, and constants Cjj for certain values of i,j satisfying the conditions 
of Lemma 16.81 Since S' 2 (V r ) contains the Alternating Square A 2 (V) when q is even 
(and so is irreducible in a nontrivial way) we assume that q is odd. 

Parts of the procedure work for all odd q, but ultimately Initialise can be com¬ 
pleted only when q > 5 in certain cases (due to the exceptions in Lemma 16. 111 . The 
deciding factor is whether or not (1,1) £ App w : when G = {Sp(d, 3), SO £ (d, 3)} 
things break down. 

7.1. Finding the Special Element. In the FindSpecialElement procedure, we 
assume that we have access to an oracle providing random elements of H = {X): 
we denote by fn the time required to produce such elements. In practice, we 
use the built-in functions of GAP and MAGMA to produce random or pseudo¬ 
random elements (in the GAP code, we use the built-in function PseudoRandom, 
and in the MAGMA implementation, the builtin function Random). We require a 
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polynomial-time ‘test for suitability’, which takes a matrix g £ G as input and 
returns TRUE if g is a special element, and FALSE otherwise. Of course, computing 
directly the eigenvalues of an element and checking that their number is sufficiently 
high would work (and would ultimately not effect the analysis of the procedure’s 
complexity), but we wish to discard unsuitable choices as quickly as possible. The 
name FindSpecialElement is slightly inaccurate: we require our elements to be 
ppd(d, q ; (f)-elements with sufficiently many 1-dimensional eigenspaces (specifically, 
we ask that the Uj-eigenspace be 1-dimensional for all (i,j) £ App^). Such ele¬ 
ments form a superset of the special elements: in Section [8. 11 we find lower bounds 
on the proportion of special elements in G, which automatically gives a lower bound 
on the probability that a randomly chosen element of H will have the desired prop¬ 
erties. 

In order to find a special element in the case G = SU( d , q) with d even, we do not 
simply search for them: instead, we search for a more abundant type of element 
from which a special element can be constructed. Note that here and henceforth, 
we consider SU(d, q) to be a subgroup of SL(d, q), defined only when q is a square. 

Definition 7.1. Let G = SU(d, q), with d even, and let d' = d — 1. Then s £ G is 
called a pre-special element of G if o(s) = yfq" + 1. 

Lemma 7.2. Let G = SU (d,q), with d even and d > 4, and let s be a pre-special 
element of G. Then s^ +1 is a special element. 

Proof. This follows immediately from the definitions of special and pre-special ele¬ 
ments: since yfq + 1 divides o(s) the order of s^ +1 is . Also, any primitive 

prime divisor r of yfq — 1 must be coprime to yfq + 1, since (yfq + 1) | q — 1, and 
so r\ (yfq- 1- 1): thus r | o(s^ +1 ), and so s^ +1 is a ppd(d, q; (f)-element. □ 

As part of our test for specialness, we require a polynomial-time test for whether 
an element s £ G has order divisible by a primitive prime divisor of q d — 1. Since 
we will know the eigenvalues of s when the time comes, it is cheaper to decide if 
the order of an eigenvalue is divisble by a primitive prime divisor r of q d — 1: since 
o(A) | o(s) for every eigenvalue A of s, if r | o(A) then s is a ppd(d, q; d')-element. 

Lemma 7.3. If ( q,d') = (2,6), set m := 21. If ( q,d') = (p, 2) for p a Mersenne 
prime, then set m:=p— 1. For all other pairs ( q,d !) with q a prime power and 
d! > 2, set 

m := IJ — (q 3 - 1). 

3\d' J 
j<d' 

Suppose that A £ K = F and X m ^ 1. Then A £ G has order divisible by a 
primitive prime divisor of q d — 1. 

Proof. For an integer x , denote by (x) r the r-part of x, that is, the largest power 
of r dividing x. Suppose that r is a prime divisor of o(s), and suppose that e is the 
smallest integer such that r | q e — 1. Suppose that 1 < e < d! (that is, r is not a 
primitive prime divisor of q d — 1, and let ( q e — l) r = r 4 . Suppose that r ^ 2: then 
by OB Lemma 4.1(iii)], we have that ( q d ' — l) r = r* r = ( q e — l) r (f) r - Thus 
the r-part of q d — 1 divides the j = e term in the product defining m , and so r 



24 


B. CORR 


does not divide the order of A m . 

Suppose that r = 2: then g is odd, since if q is even then r \ q d — 1. If d is even, 
then q d — 1 = ( q d / 2 — l)(q d / 2 + 1), and since q is odd, we have q d / 2 = 1 modulo 4, 
and so ( q d / 2 + 1)2 = 2. Then ( q d — 1) 2 = 2(g d / 2 — 1) 2 , and so the j = d !/2 term of 
the product defining m is divisible by the 2-part of o(A). It follows that 2 does not 
divide the order of A m . If d is odd, then (q d ' — l)/(g — 1) = 1 + • • • + q d '~ l is the 
sum of an odd number of odd numbers, and so is odd. That is, ( q d — 1) 2 = (q— 1) 2 . 
Thus the j = 1 term of the product defining to is divisible by the 2-part of q d — 1, 
and so 2 does not divide the order of A m . 

Then since o(A m ) | o(A), the only prime divisors of o(A m ) are the primitive prime 
divisors of q d — 1 which divide o(A), and the result follows. In the exceptional 
cases (when (g, d') = (2, 6) or (p, 2) for p a Mersenne prime) the result follows by a 
similar argument. □ 

Remark 7.4. Since the number of divisors of d' is less than 2 Vdf, we have that 
to = 0(q d +d ( 2v/ ^)) = 0(q d ' ). Then by applying Lemma \7. 31 to a known eigen¬ 
value of s in K. we can decide if s is a ppd(d, g; G?')-element in 0 {p q d' log to) = 

0 (p qd > log {q d3/2 )) = 0(p qd 'd?/ 2 logg) time. 

Note that this task requires that we can completely factorise d': we do not concern 
ourselves with the cost of non-field-operations. Since our computations take place 
in a field of size q d , the cost of factoring d' will be small compared to the cost of 
field operations. 

The biggest speedup we can perform on the test for specialness is to avoid fac¬ 
toring the characteristic polynomial completely over K if it is unnecessary: in 
particular it follows from the results below about the orbits of eigenvalues over K 
that the characteristic polynomial of a special element has no irreducible factors 
over F of any degree other than 1, 2, y or d' , and in fact we know explicitly their 
distributions (which depend on the case). With this knowledge in our hand, we can 
eliminate most unsuitable candidates beforehand, and not waste our time comput¬ 
ing the eigenvalues over K. Recall that App lv (s) is the set of pairs (i, j) such that 
the fjj-eigenspace of sw K ' s 1-dimensional. 

Proposition 7.5. Algorithm^ is a Las Vegas algorithm which returns, with prob¬ 
ability at least 1 — e, an element g of H such that the following hold: 

(i) g is a ppd(d, g; d')-element; 

(ii) There exists a labelling of the eigenvalues of g as {lij | ( i,j ) € App^}, 
such that the eigenspace of lij is 1-dimensional for all ( i,j) £ App^/ (see 
Lemma \6.2\) : 

and has complexity 

o{[f,H+ p q d 3 (d 3 + logg) + p qd 'd 3 log 2 dlog(dg))p loge -1 

where P is the proportion of special elements in G. In particular, using the bound 
P > 9d 2 ^ 2 - (see Section lKl\ and Table\5f), we have that -p < |ci 2 log 2 g), and so 
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Algorithm 1 FindSpecialElement 

Input: A set A' C GL (n,q), such that H = ( X ) generates a nontrivial section W 
of S 2 (V ), represented as n x n matrices over F = ¥ q , and an acceptable 
probability of failure e € (0,1). 

Output: A ppd(d, q; d')-element of H , together with its (unlabclled) eigenvalues 
£ij. separated into cx-orbits (where cr is the Frobenius automorphism x H > x q ). 

Procedure: 

(i) Set T := |~-p log(e -1 )]], where P is the lower bound for the proportion 
|5|/|G| given in Table [7] below. 

(ii) If more than T random elements of H have been requested, then return 
FAIL. Otherwise, choose a random element g £ H 1 and compute the char¬ 
acteristic polynomial c g (t) of g. 

(iii) Compute the square-free factorisation of c g (t) (see (EH Section 4.6]). If 
c g (t) has a square divisor which is not a power of (t — 1), then discard g 
and return to (ii). 

(iv) Compute the distinct-degree factorisation of c g (t) (see (SJ Algorithm D]), 
which yields the number of irreducible factors of each degree d', d!/ 2, 2,1. 
If the degrees are not correct, then discard g and return to (i); if they are, 
then g has the correct number and arrangement of orbits of eigenvalues in 

Wk- 

(v) Compute the distinct linear factors of c g (t) over K (using, for example, 
the algorithm of Beals et al. (T| Lemma 4.6]), and hence the eigenvalues 
of g over K. For a zero f3 € K of one of the irreducible divisors of c g (t) of 
largest degree, compute (3 m , for m as in Lemma 1731 If the value is 1, or if 
the computation of linear factors returns FAIL, then discard g and return 
to (ii). 

(vi) In the case G = SU (d, q) for d even, if s does not have 1 as an eigenvalue, 
compute the (q + l)st power of each eigenvalue. If these powers are all 
distinct, then return g q+1 and its eigenvalues. If not, then return to (ii). 

(vii) In all other cases, return g and its eigenvalues over K. 


Algorithmic has complexity 

o ({£h + Pqd 3 (d 3 + log q) + p qd 'd 3 log 2 dlog(dg))d 2 log 2 qloge^ 1 ) 

Proof. It is possible that we may fail to detect the unsuitability of an element until 
the very last test in (vi), and so in the worst case, we must run (i)-(vi) on T matri¬ 
ces. Step (ii) costs 0 (£h + p q d 6 ). Step (iii) costs 0(p q d 3 log q) and (iv) runs faster 
than (iii). 

We can find the distinct linear factors of the characteristic polynomial using the 
Las Vegas algorithm of [T| in time 

O (yPqd'n log n\og(nq d ) log log n log e_1 j = O (jJ q d'd 3 log 2 d\og(dq) loge -1 ) . 

and testing whether /3 m = 1 requires time 0(p qd ‘ d 3 / 2 log q) by Remark 17.41 Thus 
each test has total worst-case cost 

O (^Pq{d 6 + d 3 log q) + p qd > d 3 log 2 d\og(dq) log e_1 ) ■ 
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The result then follows since every special element will pass, and so T tests is 
sufficient to ensure that the probability of failure is at most e (note that the e 
introduced by the factoring algorithm is a different value, and we may have to split 
our error probability between the two: this is a mere technicality and we omit 
dealing with it for the sake of space and time). □ 

7.2. Labelling the Eigenvalues R. The goal of this section is to present the 
family of LabelEigenvalues procedures which, given the eigenvalues and corre¬ 
sponding eigenspaces of a special element s € H in Wk, produce a valid labelling 
of their orbits according to the structure given in Lemma 16.11 

Definition 7.6. An assignment ( i,j ) i —> £ij is called a valid labelling of eigenvalues 

if there exists a set R | 1 < i < d} such that, for every pair 1 < i < j < d, we have 

£■ ■=£■£■ 
t'lj — . 

A valid labelling of the R allows us to find eigenvectors for Wk satisfying the 
conditions of Lemma 16.81 While naive searching would suffice to perform this task 
‘quickly enough’ (in the sense that this part of Initialise is not a bottleneck), 
nevertheless we employ shortcuts to speed up the process. 

We proceed case by case, according to the value of d' as defined in Table O recall 
that d! € {d — 2, d — 1, d}. 

7.2.1. The Case d! = d. In this case, the eigenvalues of s in its action on Wk are, 
by Lemma 16. II 

R, | 1 < i < j < d}. 

It follows directly from the definition that for every i, j, we have £u£jj = £ 2 j - that 
is, the cr-orbit Q containing £\\ has the property that the product of any two dis¬ 
tinct members of Q is the square of an eigenvalue in another orbit. Our procedure 
uses this property to find a suitable l\\ by eliminating those orbits which do not 
possess the property. 

We begin by storing in memory the set of squares of the eigenvalues. Then choosing 
at random a candidate for £\\. we test whether £\^ q (which is equal to £\\£jj) 
lies in this set of squares for 2 < j < d. If this test fails for any j, we select another 
orbit and try again. Since the square root operation is very costly for large fields 
K , and since we do not need to know the square root of l\i q explicitly - only 
whether or not it is one of the R - the memory we use to hold this relatively small 
lookup table is a small price to pay for a much faster procedure. 

Remark 7.7. (i) In step (i) of LabelEigenvaluesSymSquare(d’=d) (and in 

subsequent LabelEigenvalues procedures outlined below) we do not sim¬ 
ply compute the er-orbits of eigenvalues, but retain a record of the gth 
power of each eigenvalue. In practice this is achieved by storing each 
orbit as an ordered list, with each entry the gth power of its predeces¬ 
sor. This step requires Oid 2 ) gth-power computations, each with a cost 
of 0(p qd ' logg), and so the setup of this data structure has complexity 
0{p qd r d~ logg). Once this data structure has been set up, computation 
of g fe th powers of eigenvalues has zero cost (to find the g fe th power of an 
eigenvalue we simply move k spaces down the list), and hence computation 
of ( q k + l)st powers can hence be performed with a single held operation. 
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Algorithm 2 LabelEigenvaluesSymSquare(d’=d) 

Input: A special element s £ H, and the eigenvalues of s in its action on Wk, in 
the case that d! = d. 

Output: A valid labelled set {li 3 | 1 < i < j < d} of eigenvalues, and a basis 
&w = {fij | (*i j) £ Appy,} U of Wk, satisfying the conditions in Lemma [6781 
Procedure: 

(i) Compute the gth power of each eigenvalue, and sort them into ordered 
cr-orbits. 

(ii) Compute the square of each eigenvalue, and store these in a list £ , with 
a record of the correspondence between eigenvalues and their squares. 

(iii) For each orbit f l of eigenvalues, choose an element a £ S2. For 2 < k < 
d — 1, compute ofl +1 . If the result lies in £ 2 , find its square root and 
label it fife! if not, then discard 12 and choose another orbit. Once all of 
i\k have been labelled, proceed to (iv). 

(iv) For 2 < i < j < d, label iij = (f\_ x J _ 1 . 

(v) For each (1 ,j) £ Appy/, set fij to be the eigenvector of t\j having a 1 in 
its first nonzero entry. 

(vi) For (i, j) £ App^ with i > 2, set f tJ = 

(vii) If necessary, extend {fij \ ( i,j ) £ App^y} to a basis for Wk in any way: 
these eigenvectors are of no consequence to us. 


(ii) In step (iii) of LabelEigenvaluesSymSquare(d ,= d), the computation of 
square roots is free, since in step (ii) we store a correspondence between 
eigenvalues and their squares. This has a relatively small memory cost, 
and saves a considerable amount of time, since taking a square root in K 
has a cost of 0(p qd 'dlogq). 

(iii) In practice we perform the final step, of extending the partial basis {fij \ 
(i,j) £ Appy/} to a basis for Wk, by computing a basis for the 1- 
eigenspace of s in Wk (or, in fact, in W, since the 1-eigenspace has a 
basis consisting only of i 7, -vectors: the distinction is of little consequence). 

Proposition 7.8. Algorithmic (LabelEigenvaluesSymSquare(d’=d)) returns a 
valid labelling {l,j \ l<i<j<d} of the eigenvalues of s on Wk together with 
a basis = {fw,ij | ( i,j ) £ App^y} U AF' for Wk satisfying the conditions in 
Lemma [678 1 and has complexity 

0(p q d'd 4 {d 3 + logg)), 

where p qd ' is the cost of a field operation in K = F . 

Proof. Steps (iii)-(iv) yield a valid choice of i\\\ setting i\ to be a square root of 
this value and setting lj = l\ we have that lij = liij - that is, we have a valid 
labelling of the eigenvalues. Note that the orbit of the true value of £u must be 
tested (since all orbits are tried), and the choice within that orbit is unimportant 
(for choosing another element of the orbit simply relabels the ii by a cyclic permu¬ 
tation) , and so the algorithm terminates after testing every orbit in the worst case. 
Since for (i, j) £ Appy/, fy is an ^-eigenvalue, and satisfies the er-relations in 
the Symmetric Square case for (i,j) £ App^y (see Definition 16,311 by the construc¬ 
tion in step (vi), J^y/ satisfies the conditions of Lemma 16.81 
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Step (i) costs 0(p qd ’d 2 log 9 ), by Remark [7.7( 0. Steps (ii)-(iii) cost 0(d 2 ), since 
there are 0(d 2 ) squares to take in step (ii), and in the worst case there are d orbits 
to try, and d— 1 powers a q +1 to test. 

Since the qth power of every eigenvalue is known (from (i)), step (iv) costs noth¬ 
ing: by labelling the first element in an orbit, we implicitly label the entire orbit 
(see Remark 17771 ill. Step (v) requires at most d eigenvector calculations at a cost 
of 0(p q d’d 6 ) each, and (vi) involves computing a qth power of an element of K 
0(d 4 ) times, each of which is 0(p qd ' logg), and so step (vi) is 0(p qd ' d 4 log q). Step 
(vii) costs less than (v) since we may complete it by considering the 1 -eigenspace. 
Combining these runtimes, Algorithm [2] is 0(p qd > ( d 7 + d 4 logg)). □ 

7.2.2. The Case d' = d— 1. In this case, we have that hi. = 1, and so the eigenvalues 
of s in its action on Wk are, by Lemma 16. II 

{hj | 1 < * < j < d} = { 1 } U {t id = h | 1 < i < d'} U [hj | 1 < i < j < d'}. 

We now present the algorithm LabelEigenvaluesSymSquare(d ,= d-l), which ap¬ 
plies to all of these cases. We proceed similary to the case d! = d above, but 
this time we identify a suitable candidate for the orbit of l\ d = l\ by noting that 
ef~ 1+1 = l lk for 1 < k < d'. 


Algorithm 3 LabelEigenvaluesSymSquare(d’=d-l) 

Input: A special element s G H, and the eigenvalues of s in its action on Wk, in 
the case that d! = d—1. 

Output: A valid labelled set {hj \ 1 < * < j < d} of eigenvalues, and a basis 
&w = {fij | (i,j) € App^} U of Wk, satisfying the conditions in Lemma 15151 
Procedure: 

(i) Compute the gth power of each eigenvalue, and sort them into ordered 
cr-orbits. 

(ii) For each orbit f 1 of eigenvalues, and choose an element a £ fl and label 
(id := a. For 1 < k < d — 1, compute a q 1+1 . If the result is an 
eigenvalue, label it l\ k ', if not, then discard all labels, and choose another 
orbit fl Once all of i\k have been labelled, proceed to (iii). 

(iii) For 2 <i<d', label hd = (\ d ; for 2 < i < j < d' , label hj = h\_ 

(iv) For each (1, j) G App^, set fij to be the eigenvector of h j having a 1 in 
its first nonzero entry. 

(v) For (i, j) G App^ with i > 1, compute using the a -relations in Defini¬ 
tion [CTS] 

(vi) If necessary, extend {fij | (i. j) G App^} to a basis for Wk in any way. 


Proposition 7.9. Algorithm [3 (LabelEigenvaluesSymSquare(d’=d-l)) returns 
a valid labelling {hj | 1 < i < j < d} of the eigenvalues of s on Wk together with a 
basis — {fij | if,j) G App w }UJ?' for Wk satisfying the conditions in Lemma 
m and has complexity 

O (Pqd 1 d 4 (d 3 + log q)), 

where p qd ' is the cost of a field operation in I\ = F ? d'. 
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Proof. Setting li = lid for 1 < i < d', and Id = 1, we have lij = Idj for 
1 < i < j < d, and so the labelling lij is valid. Since every orbit is tested, 
the procedure will eventually find an orbit (the true orbit of lid) satisfying this 
condition, and so always returns a valid labelling. Since for each fij we have that 
fij is an ^--eigenvector, and by the construction of fij in (v) satisfies the 
a- relations in the Symmetric Square case for all (i. j) £ App^ (see Definition 16.dll , 
we have that satisfies the conditions of Lemma 16.81 

Step (i) has complexity 0(p qd > d 2 log q) (see Remark ITTTT iV). and after performing 

this step we can compute each power X q +1 with just one field multiplication in 
K. Thus we are guaranteed to find a suitable lid after at most d 2 multiplications 
in K , and so step (ii) has complexity 0(p qd 'd 2 ). Step (iii) is ‘free’ since we have 
completed step (i) (again by Remark {TfTf i)). 

Step (iv) requires at most d eigenvector calculations at a cost of 0(p qd >d 6 ) each, 
and (v) involves computing a c/tli power of an element of K 0(d 4 ) times, each of 
which is 0{p qd ’ logg), and so the cost of step (v) is 0{p q d ’df logg). Step (vi) costs 
less than step (iv), since we may complete it by a computation of the 1 -eigenspace. 
Combining these runtimes, the total cost of Algorithm[3]is 0{p qd ' ( d 7 +d 4 log g)). □ 

7.2.3. The Case d! = d — 2. In the case d! = d — 2, we label Id- 1 = mi,Id = m 2 , 
where mi = pfl , so the eigenvalues of s in its action on Wk are, by Lemma | 6 . II 
and since mim 2 = p q+1 = 1 , 

{1} U {IpTij | 1 < * < d', 1 < j < 2} U {lij | 1 < i < j < d'} U {m \, m 2 }. 

We approach the problem by trying to identify those two cr-orbits of eigenvalues 
containing £imi,£im 2 respectively. Our knowledge of m 2 makes the process of 
eliminating unsuitable candidates easy, since the orbit Q of limi has the property 
that — fl is itself the orbit of £ito 2 . 

Proposition 7.10. Algorithm^ (Lab elEig envaluesSymSquare (d’ =d-2) a valid 
labelling {1^ \ 1 < * < j < d} of the eigenvalues of s on Wk together with a basis 
= {fij I (*, j) £ App w } U for Wk satisfying the conditions in Lemma rOl - 
and has complexity 

0(p qd 'd 4 (d 3 + log g)), 

where p qd ' is the cost of a field operation in K. 

Proof. Setting mi as a square root of the chosen ml in step (ii), and li = ( limi)/mi 
for 1 < i < d', Id -i = mi,Id = mf, we have for all ( i,j ) that lij = lilj, and this 
is a correct labelling of the eigenvalues, and since every orbit is tested in steps 
(iii)-(v), an orbit satisfying these properties is found, since the true orbit of limi 
must eventually be tested. Since for all lij we chose fij to be an ^-eigenvector, 
and we construct fij in step (viii) to satisfy the cr-relations for all [i, j) € App^ 
(see Definition 16.31) . the basis satisfies the conditions of Lemma T6. 81 

Step (i) involves d 2 gth-power calculations, and so costs 0{p qd > d 2 log g) (see Re- 
mark l7.7l iD. Step (ii) requires 2 gth-power calculations (in the sense that we take 
powers bounded above by g), and so has complexity 0(p qd > logg). Getting from 
step (iii) to the successful completion of step (v), in the worst case, requires the 
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Algorithm 4 LabelEigenvaluesSymSquare(d’=d-2) 

Input: A special element s £ H, and the eigenvalues of s in its action on Wk, in 
the case that d' = d — 2 > 6 . 

Output: A valid labelled set {£ l: j | 1 < i < j < d} of eigenvalues, and a basis 
&w = {fij | {hi) € App w } U of Wk, satisfying the conditions in Lemma [6781 
Procedure: 

(i) Compute the gth power of each eigenvalue, and sort them into ordered 
cr-orbits. 

(ii) There is exactly one orbit of length 2, namely {to 2 , to|}: choose one eigen¬ 
value from this orbit and label it m 2 . Compute a = as 

(recall q is odd, so (to 2 )^ -1 )/ 2 = m 9_1 = to^/to-i. 

(iii) For each remaining orbit f2, choose f3 £ and compute a/3. If this is an 
eigenvalue, label /? = £im\,a{3 = iirri ‘2 and proceed to (iv). If not, then 
try another orbit Q. 

(iv) For 2 <i< d', label ^2 = (t'i-imi ) 9 ,iiirii = {li-\rri'i) q . 

(v) For 2 < k < d!, compute i\k = ( 4 roi)( 4 rfi 2 )- If this is not an eigenvalue, 
return to (iii) and choose another orbit f l. 

(vi) For (i,j) £ App^ with i > 2, label £,j = 

(vii) For each (1, j) £ App^, set fij to be the eigenvector of iij having a 1 in 
the first nonzero entry. 

(viii) For (i,j) £ App^ with i > 1, compute fij using the tr-relations in Defini¬ 
tion [63] 

(ix) If necessary, extend [f lJ \ ( i,j ) £ App^/} to a basis for Wk in any way. 


testing of d orbits, and each test requires d field multiplications note that by 
Remark Eli), steps (iv), (vi) have zero cost hence steps (iii)-(vi) together have 
complexity 0{p q d'd 2 ). 

Step (vii) requires at most d eigenvector calculations at a cost of 0(p qd 'd 6 ) each, 
and (viii) involves computing a gth power of an element of K 0(d 4 ) times, each of 
which has complexity 0{p q d' logg), and so step (viii) costs 0{p q d'd A logg). Step (ix) 
costs less than step (vii), since we may complete it by computing the 1 -eigenspace 
of s. Combining these runtimes, Algorithm [I] is 0{p qd '{d 7 + d A log g)). □ 

7.3. Avoiding Division By Zero. In the following steps of the algorithm there 
is a small chance that our procedure may attempt to divide by zero! To deal with 
this (very real) possibility we again use the techniques of randomised algorithms, 
and so we need to address two things: we must decide what to do when a division 
by zero is attempted, and we must bound the probability that the need will arise. 
Should a division by zero be attempted during one of the FindConstants family 
of procedures, we simply observe that these procedures depend upon a random 
selection in the group H, and the division by zero is, in fact, dependent on the 
random choice made. Thus it is easily fixed by choosing another random element 
(of course, if this continues to occur we must return FAIL). 

If a division by zero is attempted during one of the FindPre image family of proce¬ 
dures, we must somehow ‘inject’ randomness into proceedings: should g £ G, the 
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input to FindPreimage, cause an error, we choose a random h £ H, and compute 
preimages under ip of h,gh~ l . Then the preimage of g is found by computing 

where here we use the notation to mean a representative of the preimage: 

since this gives only a sign ambiguity, this is well-defined and gives the full preimage 
of g. We now describe precisely the conditions under which a division by zero may 
be attempted. 

Definition 7.11. Let K = F and let (dij) £ GL (d,K). Then (aij) is said to 
have the divisibility property if dij 7 ^ 0 for all (i,j) £ App^. 

Lemma 7.12. Let K = Fa' for q odd, let () £ GL {d,q d ), and for each 
( i,j), (M) £ App^, suppose that K ijtk e = + forCij,c k e ^ 

0. Then () has the divisibility property if and only if, for every i,j,k with 
(i, i), ( i,j ), (j, k), (k, k ) £ App w , we have Ku t jh,Kij,kk ± 0. 

Proof. This follows immediately from the Basic Equations, since Kujh = ^dijdik, Kij.kk = 
2^-<iik a jk and since q is odd and all of the Cy are nonzero. □ 

In [TH Lemma 4.8], Magaard, O’Brien & Seress managed to find a lower bound 
on the proportion of elements of an arbitrary subgroup G ^ GL (d,K) having the 
divisibility property in the Symmetric Square Case for G = SL(d,q): however, 
their argument depends entirely on the large order of SL(d, q), and hence cannot be 
applied to the other classical groups. We require a conjecture that a similar result 
holds: 

Conjecture 7.13. Let s £ G be a special element, and let {/$} be a basis of 
eigenvectors for sy K as described in Lemma \3.6l Let g £ G be a random element of 
G, and let () be the matrix of g with respect to the basis := {ft | 1 < * < d} 
of Vk ■ Then 

(i) For each i,j we have P(aij = 0) < -4-,' and 

(ii) P(aij 7 ^ 0,Vi,j) > §. 

When G = GL (d,q), this is precisely the statement of Lemma 4.8 in [14] (al¬ 
beit with slightly different notation). To computationally test Conjecture 17. 131 we 
construct a random conjugate of G in GL(d, K), and choose a random sample of 
matrices from this random conjugate (in practice, we produce a random element 
h £ GL (d,K), choose random elements {gi} from a standard copy of G, and test 
their conjugates {gif}. We tested all groups SL(d, q), SU(d, q), Sp(d, q), SO e (d, q) 
for all relevant d < 12, q < 13: we tested 10 random conjugates of the group in 
GL(d, K), and chose from each conjugate 100 random elements. We found no case 
of a matrix failing to possess the divisibility property. Of course, it is easy to 
construct matrices which fail to possess the divisibility property: for example in 
the Symmetric Square case, most ‘nice’ matrices, including the identity matrix, do 
not have the property. However, the sheer size of GL(d, K ) means that a random 
conjugate of G is unlikely to contain many ‘nice’ matrices. 

7.4. Finding the Constants c t j. Having found, using the appropriate variant of 
LabelEigenvalu.es in Section 17.21 above, a basis .'Fyv satisfying the conditions of 
Lemma 16.81 we know (by the conclusions of this Lemma and Corollary 16.91) that 
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there exist bases f° r Vl, and sets = {dj | ( i,j ) G App^},^ = {c^ | 

(i,j) G Appjy} C L, such that the action of g G G on J?y (or &y) can be calcu¬ 
lated from the action on ,^w • so long as we know the values of certain c t j (or c“). 
This section is dedicated to the computation of these required constants. 


Recall from Corollary 16.91 that, for every (i,j),(k,£) G App^, the Basic Equa¬ 
tions in the Symmetric Square Case hold: 

© KijM = — {aikajt + (1 - 8ij)auajk ) = ~zr ( a ik a Je + (1 - • 

where Oy = = g frf -,Kij,ki = 9fnhn an d % = 1 when i = j and 0 

otherwise. The first of these equations is the key to both the process of finding 
dj (or c“), and later, finding the matrix (a«j) = (g/^/j) for an arbitrary g G G. 
However, in the course of our procedures, information is lost in the case that both 
sides of the equation are zero: this is addressed in Section 1731 recall from Definition 
I7.11l that we say a matrix (a,j) G GL(d, K) has the divisibility property if aij ^ 0 
for all i,j. 

Remark 7.14. Throughout this section and the next, we make frequent refer¬ 
ence to Lemma O which states (in short) that, with a few exceptional cases, 
we have {(1,j) | 1 < j < d,j ^ d' /2 + 1} C App^. We prove several re¬ 
sults in this section which depend upon membership in App^,, and so we do 
not technically require Lemma 16.21 until we ‘use’ the results to produce the Al¬ 
gorithms FindConstantsSymSquare and FindPreimageSymSquare. However, the 
reader should keep in mind that ( 1 , d' /2 + 1 ) is the only possible exception to the 
general rule that ‘( 1 , j) is always in App^/. 


Moreover, it is always true that (i,j) G App^ whenever (i — 1, j — 1) G App^/. 

7.4.1. Relations Between the Values Kij : ke,dj,aij. In this section we derive certain 
relations between the constants <kj > and a,;-/, which are obtained through ma¬ 

nipulations of © along with the assumption that (a^-) has the divisibility property. 
Note that while all of these relations apply to the ‘negative’ versions of the , dj. 
we have no need for them. 


Lemma 7.15. Suppose that (1,1), (i,j) G App^y. Suppose that {aij) has the divis¬ 
ibility property as in Definition \7. 1 1\ If i = j, then Cu = 1, and if i < j then 

^2 


c 2 . =_- 

4k h 


^33,33 K H,33 

Proof. If i = j the result follows immediately from Corollary 16.91 Suppose now 
that i < j. Then by ©, noting that the are, by definition, never zero, and since 
Kijjj, Kjjjj 0 since g has the divisibility property (by Lemma [7J2]), we have 
2 


K. 


1 - 3 , 0 ] 


K-j 


Y 33,00 K ii,00 Cjj \™33 “33 ) C jj V* l 3 “‘J > 

and the result follows. Note that since q is odd, division by 4 is well-defined. □ 




(%j( 2a i3 a 3o)) 

——-= 4c 


Lemma 7.16. Suppose that (1,1) G App^. Then the following hold for all pairwise 
distinct integers i,j,t such that ( i,j ), ( j,t ) G App^/, when {a^) has the divisibility 
property as in Definition \ 7.1 1\ 
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(i) Kii,ii — d\ % , 
da d' 


(ii) dj = 


K- 


(iii) Define 


2 

a. 

1 l II ij 

; 

ii.ij 




2nn 


diedn — 


Cnn 

Then — 

Cje 


Kijji 


2K 7-1 7 1 


Proof. Part (i) follows on setting i = j = k = £ in ©. For (ii), applying © with 
pairs (i,i),(i,j), we have 

_ Cji t \ 
ftii,ij — \d J iiQ J ij)i 

Cij 

and the result follows since Cn = 1, by Lemma 17.151 


For (iii), note first that applying ©, we have 


ftii,ij ftij,jj 
^ K jj,jj K ii,jj 


( c “. an a.ij ) ( c ‘* 2 dij a,jj) 

2 (^)(f4) 

andjj 1 - 


Secondly, again applying ©, 
ft ii.ii ftn 




2 Kj 


— {p>ijdj£ T (Ijjdjj ) 
c je 


(c!< 2ai o djj ) ( a>jj dje) 


2a P 


— {dijdje T d'ijiiiy ,) dij dje 

Cje Cje 

Cij 

— die djj ■ 
c je 


Multiplying the two gives the result. 


□ 


We now use Lemma l7.16l to give a result which allows us to isolate the ay from 
the dj (we will use this to extract the Cij first, and once they are known it will be 
relatively easy to find the dij): 

Lemma 7.17. Let ( iii)i,j,k be defined as in Lemma \7.16^ iii), let k > 1 be odd, and 
set j = Then if (1,1), (1, j), (1, k), (j, k) £ and if (dij) satisfies the 

divisibility property as in Definition \7.11\ we have 

— 1 


dikdn — (iii) i ^jj. 


3,33 


4n 7 


j Nil, 


Proof. By Lemma 17. 1 (if iii), we have 


Now Cjk = cfj 

EH 


(iii)i,j t k — 


Cij 

—dlkdll. 

Cjk 


and hence — 

c jk 



1-qi- 1 

2 


The result then follows by Lemma 

□ 
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It may seem that the result of Lemma 17.171 is sufficient to determine the a,ij for 
very many (i, j) without any care for the values of the dj. However, for simplicity, 
and since things become increasingly complex when there are issues with (i,j) ^ 
ApPw; we prefer to calculate the dj in any case: it is better to deal with any 
potential difficulties in the preprocessing procedure Initialise rather than in the 
procedure Findlmage, which may be run many times. 

Lemma 7.18. Let be defined as in Lemma | 7. 1 bY iii), let k > 1 be odd , 

and set j = ^±I. If (a y ) has the divisibility property as in Definition \7.11\ and 
(l,l),(l,j),(l,k),(j,k) G App^, then we have 

qj ~ — 1 

e _ (^)i,j,fc | K i i,n j 

Kll,lk \4KjjjjKu,jj J 

Proof. The result follows by applying Lemmas 17. lGl iil and 17. 171 to Cifc. □ 

We now find analogous results to Lemmas 17. 171 and 17.181 for even k. 


Lemma 7.19. Suppose that (1,1), (1,2) G App^, and suppose that ( atj ) satisfies 
the divisibility property as in Definition\7.11\ Let c ' 12 be a square root of 


k 12,22 


4 ^ 22 , 22 ^ 11,22 ’ 

and let y = Then y G {±1}, and c' 12 G K. Moreover, for any even k > 2, set 
C 12 

j = k/2. Then if (1, j), (1 , fc), (j, k - 1) G App w , we have 

aifeOii = I [in )i,2,fc—- I V- 


'12 


Proof. By Lemma 17.151 we have 


K 12,22 


12 4 ^ 22 , 22 ^ 11,22 ' 

and so since the square roots of the right hand side are ±ci 2 , both square roots lie 
in K. Then labelling either of these c' 12 , we have C 12 = ±c' 12 , and so y = ±1. 


For each j < d’/ 2 with (1, j), (1, k), (j, k — 1) G App w , set k = 2 j. By Lemma 

Etih), 

(~ , \2 

— aifcdn = (m)i, 2 ,fc, 

C2k 

and since C 2 k — fc _ 1 we have 


aifcOn = (Hi) 1 , 2 ,fc 


(Cl,fc-l) 9 


Cl2 


= ( (ni)i,2,k 


Kfc-i ) 9 


y 


as required. 


□ 


Lemma 7.20. Let k > 2 be even and suppose that (1,1), (1, j), (1, k), (2, k) G 
Appjy> an d ( a ij ) has the divisibility property as in Definition \7.11\ Let c' 12 ,y be 
defined as in Lemma \7.19\ above, and define 

(m)i, 2 ,fc (ci, fc _i) 9 


c lk — 


Ci 


12 


Then c lk = c' lk y. 


«11,1 k 
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Proof. Using Lemmas 17. lhl iil and 17.191 we have 


1 1 
Clfc — - Cluaik — 


Kll,l k 


«T1,1 k 


C l,k-1 1 

(***)i,2 ,fc—— y, 


-12 


and the result follows. 


□ 


The following result proves that if we ‘incorrectly guessed’ the value of C 12 (that 
is, if y = — 1 ), then we will find instead the values c“, and so without loss of 
generality we may assume that y = 1. 


Lemma 7.21. Let To = {cij | ( i,j ) G App^},^ - = {c“- | ( i,j ) G App w } be as 
defined in Corollary \6.9\ Let y = ±1, and define Tf' := {cC | ( i,j) G App^/} as 
follows. For 1 < j < d 1 with (1 ,j) G App^/, let 


c 





if j is odd; and 
if j is even; 


and for 2 < i < j < d' with (i,j) G App^, set cU = (c'_ l j _ 1 ) <? . For ( i,j ) G App w 
with j > d', set cU = Cjj. 


Then for all (i,j) G App^, 



1 < i < j < d', we have that 

if 1 < i < j < d' and j — i is odd; and 
otherwise. 


In particular, we have 


^ if y = 1; and 

^~ ify = -l. 


Proof. If i = 1, then the result follows immediately from the definition of cP. We 
now suppose that i > 1 and proceed by induction. If j — i is odd, we have that 

c ij = ( c »—l,j— i ) 9 = ( c i-l,j-l) q = Cij. 

If j — i is even then 

c 'ij = (c'i-i,j-i ) 9 = C Ci-i,j-iy) q = Cijy, 

since y q = y. 


The second assertion follows trivially when y = 1, and when y = —l we have 
that the definition of cG g ^~ matches exactly the definition of c- G when 


V = -i- 


□ 


Proposition 7.22. Assume that Conjecture \7.13\ holds. Then ifG ^ {Sp(d, 3), SO e (d, 3)}, 
then Algorithm 0 returns returns correct values Cij = c± for 1 < i < j < d', or 
FAIL; and is a Las Vegas algorithm with complexity 

0({(.h + P q c d{d 5 + log q)) log e _1 ), 

where £h is the cost of choosing random elements from H, and p qd i is the cost of 
a field operation in K. 
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Algorithm 5 FindConstantsSymSquare 

Input: A basis d?w = {fij I (h j) £ App w } U of Wk, satisfying the conditions 
in Lemma 16.81 and an acceptable probability of failure e £ (0,1). 

Output: One of the sets {c,,- | 1 < i < j < d'}, {c“- | 1 < i < j < d'} as described 
in Corollary 16.91 or FAIL. 

Procedure: 

(i) Choose a random element g £ G, and find the matrix (nij.ki) of g with 
respect to the basis J■ If at any time during the rest of the procedure a 
division by zero is attempted, choose another random element and begin 
again, until T selections have been made, where T = [41oge -1 ]]. If the 
steps below cannot be completed on any of there T random elements then 
return FAIL. 

(ii) Set cii = 1, and for 2 < j < (d 1 + l)/2, set k = 2j — 1, and compute 



where (iii)i,j,k is as i n Lemma \7 .161 iii). This provides cifc for all (l,k) £ 
Appw with k odd. 

(iii) Compute C 12 as one of the square roots of 


K 1222 


4k2222«1122 

(iv) For 2 < j < d'/2 , set k = 2 j. If (1, k), (2, k) € App^y, then compute 

_ (m)i, 2 ,fc (ci,fc_i) g 


Clk — 


^ 11,1 k c 12 


(v) If there exists k such that (l,fc) £ App^y and we have not yet computed 
Cife, then d',d '/2 are even and we compute 



(vi) For (i,j) £ Appy/ with 2 < i < j < d, compute c l3 = c ?_ 1 j_ x . 


Proof. Subject to (ciij) having the divisibility property, the correctness of the values 
Cij follows from Lemmas 17.18117.20117.211 and 16.21 noting that we may return the 
set {c~j} in place of {c^}. 

For each randomly selected g , we compute the matrix this requires matrix 

conjugation: conjugating by a matrix is equivalent to one inversion operation and 
two multiplications, for a total cost of Oi^p^d'ri^^j = ()( d 6 ). 

The computation of (iii)ijk requires a constant number of field operations in K, 
and so has cost 0(p q d'). Step (ii) ’s most expensive operation is the computation 
of a power of order 0(q d ), and so its cost is 0(p qd > log q d ) = 0(p qd ' dlog q). Step 
(iii) requires the computation of a square root in K , which has cost 0(p qd 'dlogq). 
Steps (iv)-(vi) require only the computation of qth powers, and so have complexity 
less than step (ii). Thus the procedure costs 0(p qd '(d 6 + dlogg)) if (a,y) has the 
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divisibility property. 

Assuming Conjecture 17.131 holds, we have that the probability that (o^-) has the 
divisibility property is at least 1/2, and so setting T = f4 log e —1_ |], the procedure 
returns FAIL w 1 11 1 probability less than e . and has complexity O '(/// —(— Pqd. 1 {d 6 + 
d log q))) = 0 ((£ h + P q <i>d 5 (d + log q)) log e" 1 ). □ 

8. Probability and Proportions 

The effectiveness of any algorithm which chooses random elements is dependent 
upon probability: namely, the probability that a randomly chosen element has the 
properties we need. In our case there are two issues at hand: the probability that a 
randomly chosen element has the required eigenstructure, and later that randomly 
chosen element do not have zeroes in places that we don’t want. 

8.1. Counting Special Elements. In this Section we determine, using the Quokka 
Theory of Niemeyer and Praeger, lower bounds for the proportions of Special El¬ 
ements in Classical Groups. We provide only a very brief summary of Quokka 
Theory here: for more see mm- 


Quokka sets are subsets Q of a finite group G of Lie Type whose proportion in 
G can be found by determining certain proportions in maximal tori in G and in the 
Weyl group of G (respectively, an abelian group and a permutation group - both 
much simpler to deal with). Recall that each element g € G has a unique Jordan 
decomposition g = su , where s £ G is semisimple, u £ G is unipotent and su = us 
(with s and u called the semisimple part and u the unipotent part of g respectively 

a p. ii]). 

A nonempty subset Q of G = GL(n, q) is a quokka set if the following two conditions 
hold: 

(i) if g £ G has Jordan decomposition g = su with semisimple part s and 
unipotent part u. then g £ Q if and only if s £ Q\ 

(ii) Q is a union of G-conjugacy classes. 

By IS Lemma XX], the characteristic polynomial of the semisimple part s of g is 
the same as the characteristic polynomial of g: thus all properties of the eigenvalues 
of a group element are preserved in this ‘transition’ to s. It follows that: 

Lemma 8.1. Let S be the set of Special Elements of a finite group of Lie Type G 
as in Definition 1 3. 31 Then S is a Quokka set. 

Suppose that F g is the algebraic closure of ¥ q , with F the Frobenius morphism 
(so that the fixed points of F in F g are precisely F g ). Then as outlined in m 
Section 3], choose a maximal torus T 0 of GL(n,F g ) so that W = Nq(T 0 )/T 0 is the 
corresponding Weyl group (isomorphic to a subgroup of Sd). 

A subgroup H of the connected reductive algebraic group GL(n, F g ) is said to be F- 
stable if F(H) = H, and for each such subgroup H, we write H F = H fl GL(n, F g ). 
We define an equivalence relation on W as follows: elements w,w' € W are F- 
conjugate if there exists x £ W such that w' = x~ 1 wx F . The equivalence classes 
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of this relation on W are called F-conjugacy classes [2j p. 84], The GL(n, F g )- 
conjugacy classes of F-stable maximal tori are in one-to-one correspondence with 
the .F-conjugacy classes of the Weyl group W. The explicit correspondence is given 
in {21 Proposition 3.3.3]. 

Let C be the set of F-conjugacy classes in W and, for each C G C, let Tq be a 
representative element of the family of F-stable maximal tori corresponding to C. 
The following theorem is a direct consequence of [19] Theorem 1.3]. 

Theorem 8.2. Suppose that Q CG = GL(n, q) is a quokka set. Then 

nm IQ] v |C| \TgnQ\ 

{ J |G| §£\W\ \Tq\ ' 

where W is the Weyl group of G, is the set of conjugacy classes of F-stable 
maximal tori in G, and Tc is a representative torus in the conjugacy class C. 

Theorem 8.3. Let G F be as in the 5th column of Table\^let d be the natural 
dimension of G F , and let S be the set of special elements of G, as defined in 
Deftnition \3.3\ (see Table\^for reference). Then the proportion |5j/|G F | is bounded 
below by the corresponding value in the final column of Table [H 

In all cases, the proof is similar to the proof of [19] Theorem 1.9], in which 
Niemeyer & Praeger use this theory to determine the proportion of ppd(d; g; d')- 
elements. In particular, the arguments used there for finding the proportion are 
nearly identical: the Weyl Group and proportion are as listed in Table [5] Thus we 
summarise the proof and give the important values in Table [5] for a very detailed 
proof in all cases, see [3] Chapter 6 ]. The maximal torus corresponding to the F- 
conjugacy class of W is given in the 7tli column of Table [5] and is exactly as in the 
proof of [191 Theorem 1.9]: the only difference in our case is the extra conditions we 
impose on the order of a special element: this difference manifests in the proportion 
\S fl Tc|/||Tc|: for this we need the following Lemma. 

Lemma 8.4. Let a be a positive integer, let G = Z a; and let X be the set of 
elements of G of order a. Then \X\ = p(a ) > 3 1a , where p is Euler’s Totient 
Function, which counts the number of positive integers strictly less than a which 
are coprime to a. 

Proof. Let 1 be a divisor of a. The proportion of elements of Z a having order 
exactly t is p(t), and the second inequality (which we have simplified from p(a) > 
(iog_2) since log2 > |) can be found in (T5] 1.1.5] (citing [6]). □ 

Thus in every case, we apply Lemma 18.41 to bound below the proportion of 
elements of the torus Tc contained in S (that is, having the required order as in 
Table [ 2 ]) , to bound below the value |S C\Tc\/\Tc\, with the results given in the 9th 
column of Tabled (in the case d! = d — 2, we must apply Lemma [8.11 twice: once 
to each cyclic component). We obtain a lower bound for |Sj/|G| ( 10 th column) by 
combining this with the proportion |G|/|IT| ( 8 th column) found in [19] [3]. 

9. Implementations 

The original (unofficially released) implementation of this algorithm was in GAP 
and at the time of writing has been made public at the first author’s website, or 
by direct contact. It is likely to be implemented in a more official way in the 
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SL(10, q) < GL(55, q) 


Black Box 

New 

ICT 

Init 

Preimage 

Init 

Preimage 

4 

2.402 

0.13354 

0.07025 

0.00815 

9 

33.727 

2.13191 

1.33375 

0.171835 

37 

232.847 

8.57023 

1.95 

0.0902475 

Sp(10, 5 )<GL(55, 5 ) 


Black Box 

New 

IOI 

Init 

Preimage 

Init 

Preimage 

5 

3.338 

0.22542 

0.429 

0.042745 

9 

30.904 

1.60463 

1.174 

0.0689925 

37 

150.806 

5.46581 

1.478 

0.1212525 


Table 3. Comparison of runtimes (in seconds) between Black Box 
and specialised algorithms in MAGMA. 
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IB 

4 

5 

8 

SL (d,q) 

IB 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

10 

0.1405 

1.63 

0.9205 

7.839 

0.398 

1.607 

14 

1.5365 

4.493 

6.872 

95.527 

5 

7.4645 

20 

17.9245 

19.227 

89.1155 

922.863 

17.8075 

24.2035 

Sp (d,q) 

B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

10 

0.117 

0.011465 

0.67475 

0.071 

0.503 

0.0197725 

14 

1.84475 

0.0457875 

6.279 

0.941465 

3.8845 

0.0523775 

20 

18.2205 

0.183105 

123.12775 

9.5988575 

20.0345 

0.2331425 




SU (d,q)~ 

- d even 



B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

10 

0.823 

0.061035 

2.05525 

0.12909 

1.3805 

0.0757375 

14 

5.9865 

0.0974225 

23.18175 

2.5565 

4.368 

0.0771025 

20 

25.1825 

0.2919175 

315.3325 

28.06579 

47.56475 

0.556885 




SU (d,q) 

- d odd 



B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

9 

0.542 

0.0047575 

3.15 

0.009985 

0.9905 

0.007565 

13 

1.68875 

0.0157175 

22.5265 

0.30116 

3.7635 

0.023165 

19 

45.5795 

0.1873175 

227.84325 

10.75861 

76.5225 

0.22316 


B 

5 

7 

9 

SO ~(d,q) 

B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

10 

0.706 

0.06244 

0.75275 

0.0753875 

1.02575 

0.0678225 

14 

7.176 

0.945755 

7.96775 

1.265245 

21.99625 

2.5359525 

20 

126.275 

9.5132925 

135.2685 

12.0210075 

177.7475 

15.30327 

1 SO + (d,q) 

B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

10 

0.10925 

0.0102175 

0.90875 

0.0780775 

1.2285 

0.077415 

14 

7.141 

0.83285 

0.513 

0.8535975 

14.1765 

2.0481375 

20 

96.54125 

9.5089875 

112.348 

9.8805575 

150.4045 

13.3346925 

SO u (d,q) 1' 

B 

Init 

Preimage 

Init 

Preimage 

Init 

Preimage 

9 

0.113 

0.01439 

0.35875 

0.034555 

0.57325 

0.0407175 

13 

2.258 

0.21146 

2.453 

0.2374325 

4.18075 

0.3691775 

19 

61.875 

8.86234 

55.31025 

7.1629025 

108.90825 

10.0354275 


Table 4. Average runtimes (in seconds) for various groups (in 
MAGMA). 

















































































































































Case 

d 

G 

F 

G F 

W 

A r 

r +1 

GL(d,V q ) 

a q 

GL(r + 1, q) 


2 A r 

r + 1 

S\J(d,¥ q ) 

<r q (~T) 

SU(r + 1, q) 

S r -\-l 

B r 

2 r + 1 

SO(d,¥ q ) 

a q 

S0(2r + 1, q) 

S 2 l S r 

C r 

2 r 

S P (rf,Fg) 

a q 

Sp(2r, q) 

S 2 lS r 

D r 

2 r 

so+kf 9 ) 

a q 

SO+(2 r,q) 

( s 2 1 S r ) n A 2r 

2 D r 

2 r 

SO"(d,F,) 

° q {-T) 

SO" (2 r,q) 

{S 2 i s r ) n A 2r 



Structure of Torus Tc 77777 lb for ^ lb for 

\yy\ \±c\ 
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future. A MAGMA implementation of this and other functions (namely, similar 
algorithms for all absolutely irreducible modules of degree at most d 2 ) is also in 
development, and the Symmetric Square case is complete. We perform tests using 
the implementation in MAGMA, comparing the runtimes (in seconds) in the Linear 
case against MAGMA’s algorithm RecogniseSL, and in the Symplectic case against 
MAGMA’s RecogniseSpOdd. Both are implementations of the Kantor-Seress Black 
Box algorithm (9j. Note that while in the Linear case, the Magaard-O’Brien-Seress 
algorithm m is implemented in GAP, this is essentially identical to our algorithm, 
and so we compare against the Black Box algorithm to illustrate the effectiveness 
of our methods. In practice, our implementation is slightly more efficient than the 
existing implementation, and both are considerably faster than the Black Box (of 
course, the Black Box methods have a much wider scope). 

The MAGMA implementation was produced in July 2013, with the help and hos¬ 
pitality of the University of Auckland (in particular, Professor Eamonn O’Brien). 

We provide this comparison (see Table E]) in the Linear and Symplectic cases, 
and the runtime gains in all cases are comparable. Table 0] gives sample runtimes 
for all cases for various values of d and q. The stated runtimes are averaged over 
several runs of Initialise and several hundred runs of FindPreimage. All times 
are given in seconds. 
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